Is the cloud secure?
Cloud Security vs On Premise Security
Many of my discussions lately have centered around moving to the cloud. I don’t think it’s a conversation that’s going away anytime soon. There is one question that always gets asked that I wanted to talk about today. Is the cloud secure?
The short answer is yes, with a few small caveats. Here is a quick side by side breakdown of how your on-premise server compares to most cloud solutions for security. Not all cloud solutions are created equal, so you should check with your provider to see what their uptime guarantee and redundancy is. There are also awesome ways to set up on premise servers to get great redundancy and automatic failover. Most small businesses don’t have that kind of setup however, so my chart compares what I typically see and not what could be.
On Premise Server Cloud Solution
Single Physical Server | Typically set up in a cluster with high availability to provide a high level of uptime |
Lock on the door to the server closet | Biometric scanning on all doors to gain access. Only given to those who have gone through an approval process and done a background check |
Firewall | The datacenter itself will frequently have multiple firewalls and additional security in addition to your own firewall if you are collocating |
Single Power Connection | Access to multiple power grids |
Battery Backup | Multiple power grids along with battery backup and generators |
Single Internet Connection | Multiple Internet connections with different providers and failover setup |
Can be configured for compliance, but has none out of the box | Most data centers meet compliance standards for HIPAA, PCI-DSS, SSAE-18, SOC, and NIST out of the box |
Server Closet Cooling Unit | Huge centralized redundant cooling systems |
No Uptime Guarentee | Most will give at least 99.99% guarantee of uptime |
As you can see most cloud solutions win in every category. Physical security, redundancy, cyber security, and more. So yes, the cloud is secure. Most of the breaches we see happening with cloud solutions are caused by the user and not the cloud provider. That’s something worth a couple of thoughts as well.
What to look out for
When you’re evaluating your options for moving to the cloud you should ask a bunch of questions. You should ask them what their uptime is, what security measures they put in place, and what redundancy they have deployed for their users. Ask them what happens if a disaster strikes?
You should also ask them about backups of the data. Frequently it seems users assume that every cloud solution automatically backs up their data. This is not always the case.
Office 365 is a good example. While they have a 99.99% uptime, they don’t do backups of client data. They do have a “recycle bin” where deleted data can be salvaged for 30 days, but after that data that a user deletes is gone. For this reason, we recommend that folks use an office 365 backup solution.
Many cloud providers will have similar policies, so be sure to check that your backup plan extends to the data you have on the cloud and that sufficient safeguards have been put in place.
Multifactor Authentication
One of the great things about the cloud is that your data is accessible anywhere. This can also be a security concern, because if a bad actor gets your username and password, THEY can access your data from anywhere.
One of the simplest and most effective solutions to this problem is multifactor authentication. I wrote about this a couple of weeks ago. See the blog article here.
Using MFA allows you to easily secure those cloud accounts and eliminate almost all the threats you would face from stolen credentials.
Insider Threats
Another potential threat you should have a plan for with cloud solutions is insider threats. Most commonly this would come in the form of a disgruntled employee that got let go. Since they have access to that data from home, they could steal company secrets, client lists, or delete important information.
This is probably a rare case, but it makes sense to have a plan of action in place. That way immediately upon termination you can shut down that employees’ access to all company data so they have no chance to do anything untoward.
Shared Responsibility
Most cloud solutions have great controls available to you to secure your data and limit access. However many of them leave the configuration of those tools up to you. You still must set up security settings. You must set file permissions. Your organization may still oversee a quality backup solution as well as monitoring and maintenance of that solution.
It’s possible that you will need to configure additional security settings such as data loss prevention and others to ensure that sensitive data doesn’t leave the cloud unencrypted.
Most of the major cloud providers have all these and more security features available to you, but it’s up to you to turn them on and make sure they’re working properly.
Final Thoughts – Is the Cloud Secure?
Yes, the cloud is secure. Business owners and stakeholders need to be aware of some of the specific things to look for to ensure their data is safe. They need to ask good questions and make intelligent decisions about how cloud solutions are managed. In addition, they need to not assume that security and backups are “built in” with cloud solutions and take the additional steps necessary to secure their data.
As always, we’re here to help. Migrating to the cloud can be a challenge. i.t.NOW has helped tons of clients make the move successfully and secure their data. We can help you too. Call us today.