Cloud Security: The best defense is a good offense
As mid-sized businesses look to the cloud for its dramatic business results—significant CAPEX savings, scalability and the ability to focus IT spending towards projects that contribute to the bottom line—many put on the brakes over security concerns.
According to Shahin Pirooz, CenterBeam CTO, this doesn’t have to be the case for IT leaders who are clear on their priorities and firm on their requirements. In this short video, Pirooz offers four practical precautions that make a transition to the cloud not only a smart but a safe decision.
4 Considerations Before Moving to the Cloud
1. Don't entrust your security to somebody else
First and foremost, don't entrust your security to someone who does not have a track record for delivering secure cloud services.
- Do your homework: has the provider built in redundancies? Where and how? Are their controls around security procedure and practice, IT policies, and infrastructure audited to ensure compliance with the strictest standards and best practices?
- Check their history: have there been security breaches in the past? To what extent? What were the implications to their customers? If there have been past issues, were they remediated?
2. Carefully consider each application you're moving
Use a critical eye when making decisions of what applications or functions you move to the cloud, and what levels of security are required for each. When building out your cloud environment, hold your provider(s) to the same security standards you would use if you were deploying it in your own datacenter. Importantly:
- Does the provider you are working with have integration experience? This can be a critical component of ensuring your cloud services operate seamlessly and securely with each other and across your enterprise.
- Never allow direct access to your core. Institute a true tiered network architecture, separating the DMZ from your core network.
- Never deploy a cloud solution without firewalls. You wouldn’t do it in your datacenter, so don’t do it with a cloud provider. This protects your core network from the public internet to prevent unwanted access to your infrastructure.
- Never administer services over the public internet. Never deploy a solution that requires you to administer your services over the public internet (i.e. web control panel). Make sure you have VPN connectivity into the cloud provider, making it a secure network. You can then be more comfortable that your cloud services are operating as an extension of your network vs. on servers floating in the cloud somewhere.
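One way to check a firewall rule set against the three "never" rules above, as an added example that is not from the original article. The rule format, tier names, address ranges and admin port list are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed address plan and admin ports (illustrative, not from the article).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
VPN_NET = ipaddress.ip_network("10.8.0.0/24")
ADMIN_PORTS = {22, 3389, 8443}
TIERS = ("dmz", "core")

# Constructed sample rules: (name, source CIDR, destination tier, port, action).
# port None means "any port".
RULES = [
    ("web-in",    "0.0.0.0/0",      "dmz",  443,  "allow"),
    ("app-to-db", "10.0.1.0/24",    "core", 5432, "allow"),
    ("ssh-admin", "0.0.0.0/0",      "dmz",  22,   "allow"),
    ("panel",     "203.0.113.0/24", "core", 8443, "allow"),
    ("vpn-admin", "10.8.0.0/24",    "core", 22,   "allow"),
    ("dmz-deny",  "0.0.0.0/0",      "dmz",  None, "deny"),
]

def within(cidr, parent):
    """True if every address in cidr lies inside parent."""
    return ipaddress.ip_network(cidr).subnet_of(parent)

def audit(rules):
    """Return (subject, finding) pairs for rules that break the tiering guidance."""
    findings = []
    for name, src, tier, port, action in rules:
        if action != "allow":
            continue
        # Core must only be reachable from internal ranges (DMZ or VPN).
        if tier == "core" and not within(src, INTERNAL):
            findings.append((name, "public-to-core"))
        # Administrative ports must only be reachable from the VPN range.
        if (port is None or port in ADMIN_PORTS) and not within(src, VPN_NET):
            findings.append((name, "admin-not-vpn"))
    for tier in TIERS:
        # Each tier needs a catch-all deny so unlisted traffic is dropped.
        has_deny = any(t == tier and a == "deny" and p is None and s == "0.0.0.0/0"
                       for _, s, t, p, a in rules)
        if not has_deny:
            findings.append((tier, "no-default-deny"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit(RULES):
        print(f"{subject}: {finding}")
```

The audit treats rules as an unordered set, so it does not model first-match precedence in a real firewall.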
3. Make sure your business decisions drive your technology decisions
Make sure your business objectives drive your technology decisions and not the other way around.
- Don’t cut corners or make tradeoffs that will put critical areas of your business at risk. This applies whether your infrastructure resides on premise or in the cloud. The cloud is neither more nor less secure than on-premise data storage solutions - it's all a matter of understanding what controls are available and how you implement them.
4. Have a plan in place for failure
- Just because something moves to the cloud doesn’t mean the technology can’t fail, or a human won’t make an error.
- As you would with other technology aspects, make sure you (and your provider) have a plan for failure, one you are comfortable with and one both of you can execute.
Making a decision to have an expert provider manage your data doesn’t mean you should let your guard down. The best offense for smart IT leaders is to implement a strong defense – taking measures to reduce the risks and ensure a secure cloud environment.
Questions?
Whether you're considering a public, private, or hybrid solution--or you're trying to sort through the slew of acronyms and options--we're available to answer any questions you have about your environment and specific business requirements.