AVG SMB Security Boot Camp: Part Five- Cloud Computing and IT security
Cloud computing offers cost saving opportunities for SMBs to scale their IT operation, without a massive upfront investment in new IT resources.
The advantage for SMBs is that by using cloud computing they are now able to buy in a flexible amount of computing power (in the form of both data storage and applications) as and when they need it.
However, while financially beneficial, “public cloud” networks will never be as secure as on-premise servers and networks.
Cloud hosting companies supply data and applications with or without security protection services; it is simply a matter of your choice.
This means that security, privacy and system protection in cloud computing should be approached no differently to the rest of your IT security. Firms should treat their “cloud server” in the same way they would treat (and protect) a server located in their office.
First step for any business looking to migrate to cloud computing is therefore to undertake an audit to examine existing layers and protection.
The full risks of using so called “multi-tenant” clouds, which only allow customers access to their own data, is still not clear because hacking in this area is still comparatively less developed.
Also, data removed from the cloud may still reside in residual cloud data banks until it is over-written by new data. Many cloud data centres are new and the firms who operate them have yet to be clear on this policy. However, it seems wise to only store non-sensitive, non mission critical data on the public cloud services.
Data stored in the cloud uses the Internet “pipe” to input and output data and this in itself brings with it some risks. We have already seen cloud provider/hosting companies as large as Amazon and Microsoft suffering from so-called “brown out” cloud outages.
- Ensure you have a policy for what information/services you run from the cloud. Are they business critical?
- Cloud services can suffer from outages. Have you got a contingency plan in operation to deal with this? If not devise one.
- Exercise caution with regard to the input and output of cloud data. Could it harm the business’s welfare if it were to become corrupted or lost?
- Ensure you have adequate security protection in place for the cloud.