Cloud computing has, in the past few years, become a viable alternative to in-house server-based solutions. However, for many small to medium-sized businesses, concerns and doubts remain about migration to the cloud. Security is the main concern. There’s an instinctive resistance to the idea of “all my stuff being out there, rather than in here”. Meanwhile, big IT security news stories – such as the recent “Heartbleed” controversy – even if not directly related to cloud computing do not help the cause.
There are, however, a range of tools available that can bring practical reassurance to business owners making a cloud migration. Let’s take a look at examples from three different areas of cloud data protection.
Establishing vendor compliance
A lot can, and should ideally, be done to bring peace of mind prior to a cloud migration. During a procurement or research process, establish with potential vendors what steps they will take to protect your data. It could be that as a hard-pressed business owner, you may simply not know what questions to ask. If you don’t have the time or money to start an information security recruitment drive, you can however make use of two documents provided for free by the Cloud Security Alliance (CSA). The “Consensus Assessment Initiative” and the “Cloud Controls Matrix” are essentially two spreadsheets stuffed to the gills with questions and criteria that a vendor should need to address. If you are intimidated by the documents in full, then simply select some choice questions to pose.
Once on board with a cloud provider, you need to think about any steps you can take to ensure prying eyes are kept off of your data at all stages, especially whilst in transit to the cloud. For this, you need to make sure data encryption is in place. Encryption is the process of rendering data unreadable whilst it’s in transit or storage. Software is available that will encrypt and unencrypt users’ files seamlessly during their interaction with a cloud service. Some cloud services provide encryption automatically, but you may prefer using a standalone product, such as CipherCloud. Providing ironclad encryption, CipherCloud works in tandem with a range of cloud services, such as Salesforce, Box, Office 365, and Gmail.
Finally, if you are a medium-sized business bordering on the large side, perhaps with around 100 employees, you may want to consider a way of “nailing down” all the cloud services that your employees use for work. This can be tricky, bearing in mind the BYOD (Bring Your Own Device) revolution, but one option is a programme called Okta. This creates a single sign-on portal to all authorised cloud services. Okta provides rock-solid identity management, so your IT specialists will know who is logged on to what service at any given point. This deals, in one fell swoop, with the threat of unauthorised, hard-to-trace browsing of your cloud content.
All in all, there are plenty of options to consider that can smooth the way for any SME’s transition to the cloud.
[su_box title=”About Ryan Farmer” style=”noise” box_color=”#336588″]
Ryan Farmer has worked at Acumin for the past five and a half years as a Senior Consultant and now a Senior Resourcer. With a strong understanding of the InfoSecurity industry and the latest market developments, Ryan sources leading information security candidates for some of the world’s largest End User security teams, start up security vendors and global consultancies.Ryan is heavily involved in the Risk and Network Threat forum, has a keen interest in Mobile Security and is an active blogger and InfoSec writer.[/su_box]