Monday, 1 October 2012

Do you think Cloud is Secure?

With cloud being the most rapidly evolving concept (service delivery model), the major question that arises in customers' minds is: Is cloud secure?

I guess it's the wrong question to pose. Rather, the concern should be: Are the cloud services used by my organization secure enough? Is the provider I'm hosted with providing me cloud services that comply with my company's regulations? Is my data being accessed or viewed by other customers hosted with the same provider?

IT professionals often perceive the cloud as insecure, or as less secure than having their applications and data reside inside their own datacenters. But perceptions don't necessarily match reality.

My counter-question to customers who raise security concerns has always been: What are their expectations of security in the cloud?
We need to start at the top and engage senior management. Cloud needs can no longer be thought of as a technical issue to address, but rather as a business asset to embrace.
The potential of consuming cloud services is transforming IT from a cost center into a business engine. Several companies have put off moving to the cloud simply because of security concerns. Otherwise, cloud computing, with its pay-per-use and get-when-you-demand model, seems to be a win-win situation.

I would step back and drive this discussion from a managed hosting provider's perspective. Most companies are driven to outsource their IT or business applications to a managed hosting provider. The rationale is simple: organizations don't need to make an upfront investment to build and set up a new datacenter, and they don't need to hire IT admins to monitor and manage a huge, complex infrastructure with no guarantee of SLAs or service availability. The real pain is managing the vendors for license renewals, monitoring tools, upgrades and application management. The typical SLAs provided by AMS vendors with a basic offering are best effort, and if you really need best-in-business service availability, it comes at a big cost.

As your business grows, IT's hunger for infrastructure expansion grows as well, and this is a never-ending story. After 5 years, a hardware refresh is needed, and the process becomes more complicated when you don't have all the inventory documented properly, which is what we see in most cases.

These are some of the reasons why companies choose to outsource IT to managed service providers and concentrate on their core business. By doing this, they get better SLAs, scalability on demand and a player to blame (just kidding).

When you outsource it, the data already resides with the MSP (managed service provider), on either a shared or a dedicated platform, and customers get only 'sudo' access to the infrastructure to perform activities such as upgrading apps, maintenance and configuration changes.

It's time for our customers to start believing that data integrity is the bread and butter of cloud service providers. They will never play with it, as their SLAs are tied to the services they sell and they also sign an NDA. Why do you think all the major IT players in the market are spending a fortune on testing and developing new methodologies for providing a cloud platform? They are aware of customers' concerns, and they have ways of tweaking the services and making them better and more secure before offering them. This is their core business and they are good at it, so let's leave this job to them and have them help us find a solution that suits us.

As I mentioned earlier, it totally depends on the business requirement and the cloud provider you are interacting with. Because of the risks of cloud computing, many major providers take their security much more seriously. Their policies and on-site physical security are often much tighter than those of traditional hosting platforms, with employees dedicated to actively monitoring how the network is performing and taking action when an intrusion is detected.

Cloud providers offer services in different profiles such as Basic, Balanced and Premier. Each profile comes with a different level of security, with Premier being the best. Before opting for cloud services, customers are free to evaluate the security and do a POC. Cloud providers offer various dedicated security services to make sure that your connection, accessibility and data are secured as per your requirements and meet your company's compliance requirements.

The best way to approach cloud security is to integrate it with your overall cloud planning early in the process. That way you can use a threat-based approach to planning for deployments of your specific workload(s), the security requirements, and the specific cloud delivery model and architecture.
The security of the cloud services is the joint responsibility of your organization and your cloud service provider. Depending on the cloud delivery model and services you deploy, security is the responsibility of both parties.

If you are still worried about the security of your data, there are measures you can take to ensure that your information is safe.

If you have already outsourced your IT to a managed service provider, then go for a combination of public and dedicated setups.

Have your DB hosted on dedicated servers and host the external portals on a public cloud. This hybrid option will give you a taste of cloud services while letting you rest assured that your data resides safely.

The security and reliability of a cloud provider's platform are fundamental to its business. Providers have the safety of their services completely and rigorously audited by leading security firms. The audit reports can be shared with customers as well.

To me, the security of services hosted in the cloud totally depends on the way the end users connect to the applications and how those applications are integrated at the back end with the databases.
Much of the information in this document comes from my own experience dealing with large enterprise customers.

I would suggest that you talk to the cloud provider and give them a chance to create a cloud service that caters to your business needs while keeping the kind of security you want for your services.