A Checklist for Customer Cloud Security
I often hear how Cloud is insecure from people who claim that unauthorized access is a real and significant risk for users of Cloud Computing. It always kind of frustrates me as, in my (admittedly somewhat biased) view, Cloud is as secure, if not more so, than traditional IT.
In our Cloud security whitepaper on CloudU, we spent a bunch of time talking about why Cloud Computing is in fact potentially significantly more secure than traditional models of IT delivery while at the same time pointing out the fact that there’s still stuff that organizations need to think about when using Cloud.
At the same time however we were totally realistic about the fact that there are still some things that end customers need to think about in terms of security. Sometimes the most useful thing for folks making a change is a simple checklist of things to think about and so, to that end, here’s our picks of things to think about when moving your organization to the Cloud;
- Firewalls – Customers still need to think about controlling the traffic in, and out, of their organization. Hardware and software firewalls ensure your traffic can bunch through, but the baddies are kept at bay
- Patches – You may be using lots of Cloud applications, but it’s still a safe bet that you have some desktop applications or, if not, at least some operating systems. These all need to have the latest versions of software running on them
- Backups – Unless everything you have is on the Cloud, you need to think about backing up your data, preferably off-site
- Controlling access to the Cloud – there’s no use being hyper secure if your employees leave mobile devices sitting around the place that people can access your sensitive data from. You need to think about policies and password protection for any device accessing your data
- Staff security – your biggest threat comes form within. Hire your staff well and make sure they don’t put you at risk, either maliciously or otherwise
- Passwords – the bane of our existence. Such an important area that we’ll come back to this one for more detail
Ensure these six points are dealt with, and you’re all set to enjoy a safe and rewarding Cloud experience.
We’re covering all things Cloud at CloudU, our Cloud Computing educational series. We’d love you to sign up to receive whitepapers and webinar invitations.
About the Author
This is a post written and contributed by Ben Kepes.
Ben Kepes is a technology evangelist, an investor, a commentator and a business adviser. His business interests include a diverse range of industries from manufacturing to property to technology. As a technology commentator he has a broad presence both in the traditional media and extensively online. Ben covers the convergence of technology, mobile, ubiquity and agility, all enabled by the Cloud. His areas of interest extend to enterprise software, software integration, financial/accounting software, platforms and infrastructure as well as articulating technology simply for everyday users.
More about Ben here.
Want to find me across the social web? Click below:
Google+, Facebook, LinkedIn and Twitter.
Agreed. Just because it’s easy and comes up fast doesn’t mean that it absolves the customer from doing due diligence. There are a lot of Saas companies who will help you with hardening your servers so if your team lacks the knowledge there is help available. But it’s not free and you still have to understand what the risks are if your data is compromised.
Having your stuff on an internal network is not a guarantee anymore of security because may organizations have external devices ( smartphones, tablets, laptops ) that they don’t have as much oversight on. And if your team is small with each person wearing a lot of hats, a managed cloud solution can be more secure because you’re dealing with trained security professionals rather than Joe Programmer who is really great with code but doesn’t understand Linux kernel config.
No matter your environment though, the greatest weakness is always the people. If you lock your machines down like Fort Knox and your CEO thinks having a secure password is too hard, well….good luck with that.