There’s been a proliferation of cloud service providers on the local scene and this has granted companies the privilege of greater choice around who to entrust their data. The right to choose is one that Richard Broeke from specialist managed IT security services company Securicom, says companies should be exerting more assertively – especially since cyber attacks on cloud companies are anticipated.
“Security has always been a bugbear for companies considering the cloud. But, now that it’s maturing, cloud computing can actually offer some security benefits to companies, especially smaller ones that don’t have skilled people in house to manage company systems and make sure that they are patched and updated properly.
“Well-run cloud applications, with a credible provider, are more likely to be secure and adequately backed-up than the average on-premise system at an average company. Professional cloud service providers will also have strong policies on who can access their customers’ data and under what conditions. They will also have robust security in place to protect data centres.
“The problem is that not all cloud applications are well-run and not all cloud companies are professional or secure. Companies must ask a lot of important questions before signing up with a provider and handing over their data,” warns Broeke.
He continues: “The importance of choosing a credible and trustworthy cloud provider goes without saying. You have to do your homework when choosing a provider. Evaluate their experience in the market, how long they have been around, the type of partnerships they’ve got, and importantly, where their data centres are and what measures they have in place to protect them.
“You should also fully evaluate the terms and conditions of extracting and recovering your data at a later stage as there may be a fee involved. It is also a very good idea to talk to get references from their other customers before you commit.”
In its 2013 Internet Threat Report, Symantec predicts a rise in attacks on cloud providers this year. So far, most of the very big data breaches have occurred in businesses which collect a lot of personal and confidential data such as healthcare providers, banks, online retailers and games companies.
With this in mind, Broeke says companies should never sign up with a cloud provider that cannot offer multiple levels of security to secure the cloud environment.
“Data centres, which should ideally be housed on South African soil, should feature stringent physical security. Then, naturally, there should be numerous security technologies employed at every other level, from measures to protect data in transit and while it’s at rest, to authentication and access control technologies to ensure that only authorized personnel are able to access, use or change data.
“Remember that the communication line to a data centre is the internet, and this is inherently an unsecure network. Communication between onsite and off-site systems therefore needs to be secured with point-to-point encryption. Encryption is not a given with all data centres providers. In fact, many expect companies to take care of it themselves.
“When housing applications and data in the cloud, companies must own their own data and take ownership of securing it. Ask what is in place to protect your data, if you aren’t satisfied, move on to another provider.”