Do you think Cloud is Secure?

With Cloud being the most rapidly evolving concept (service delivery model), the major Question arises in customers mind – Is cloud secure? 

I guess it’s a wrong question to be posted, rather the concern should be: Are the cloud services used by my Organization is secure enough? Is the provider I’m hosted with is providing me cloud services which complies to my companies regulations? Is my data being accessed or viewed by other customers hosted with the same provider?

IT professionals often perceive the cloud as insecure as or less secure than having their applications and data residing inside their own datacenters. But perceptions don't necessarily match reality.

The counter Question to my customers who raise the security concerns have always been: What are their expectations of security on cloud?

We need to start at the top and engage senior management. Cloud needs can no longer be thought of as a technical issue to address, but rather a business asset to embrace.

The potential of consuming cloud services is transforming the IT from cost center to business engine. Several companies have put off moving to the cloud simply because of security concerns. Otherwise, cloud computing with its pay-per-use and get-when-you-demand model seems to be a win-win situation.

I would step back and drive this discussion via Managed hosting provider’s perspective. Most of the companies are driven to outsource their IT or Business applications to a managed hosting provider. The fundamental for this is simple, Orgs don’t need to make upfront investment to build and setup a new datacenter. No need to hire IT admins to monitor and manage the huge complex Infrastructure with no guarantee to the SLA’s or service availability. The real pain is to manage the vendors for license renewal, monitoring tools, upgrades, application management. The typical SLA’s provided by the AMS vendors with basic offering is best effort and if you really need best in business service availability then it comes with big cost. 

As your business grow, the IT hunger for Infra expansion grows as well and this is a never ending story. After 5 years, the H/W refresh is needed and the process becomes more complicated when you don’t have all the inventory documented properly which we see in most of the cases.

The above are some of the reasons why companies choose to outsource it to the managed service providers and concentrate on their core business. As by doing this, they get better SLA’s, scalability on demand and a player to blame on (just kidding).

When you outsource it, the data is already residing with the MSP (managed service provider) either in shared platform or dedicated and customers get only 'sudo' access to the Infrastructure to perform any activities like upgrading apps, maintenance, configurational changes etc.  

It’s time for our customers to start believing that data integrity is bread and butter for the Cloud service providers. They will never play with it as their SLA’s are tied with the services they sell and they also sign NDA. Why do you think that all the major IT players in the market are spending fortune on testing and developing new methodologies of providing Cloud Platform? They are aware of the customers concerns but they have the ways of tweaking the services and making them better and secured before offering them. This is their core business and they are good at it, so let’s leave this job to them and have them help us finding a solution that suits us.

As I have mentioned earlier, that it totally depends on the business requirement and the cloud provider you are interacting with. Because of the risks of cloud computing, many major providers take their security much more seriously. Their policies and physical security on site are often much tighter than traditional hosting platforms, with employees dedicated to actively monitoring how the network is performing, and taking action when an intrusion is detected.

The cloud providers offer services in different profiles like Basic, Balanced and Premier. Each profile comes with different level of security with Premier being the best. Before opting for cloud services, the customers have free will to evaluate the security and do a POC. There are various dedicated security services offered by cloud providers to make sure that your connection, accessibility and data are secured as per your requirement and meets your companies compliance.

The best way to approach cloud security is to integrate it with your overall cloud planning early in the process. That way you can use a threat-based approach to planning for deployments of your specific workload(s), the security requirements, and the specific cloud delivery model and architecture.

The security of the cloud services is the joint responsibility of your organization and your cloud service provider. Depending on the cloud delivery model and services you deploy, security is the responsibility of both parties.

If you are still worried about the security of your data, there are measures you can take to ensure that your information is safe.

If you have already outsourced your IT to a managed service provider then go for a combination of Public and dedicated setup.

Have your DB hosted on dedicated servers and host the external portals on a public cloud. This hybrid option will let you have a taste of cloud services and at the same time you will be settled with your data being resided safely.

The security and reliability of Cloud provider platform is fundamental to their business. They provide complete rigorous audit on the safety of the services by leading security firms. The audit reports can be shared with the customers as well.

To me, the security of the services hosted on cloud totally depends on the way the end users are connecting to the applications and how they are integrated at the back-end with the databases.

Much of the information in this document comes from my own experience dealing with large Enterprise customers.

I would suggest that you talk to the cloud provider and give them a chance to create a Cloud service that caters to your business need keeping the kind of security you want for your services.