Steve Ross: Thinking about cloud security

Shackleton Technologies managing director Steve Ross
Shackleton Technologies managing director Steve Ross
Share this article
0
Have your say

Cloud computing has brought millions of businesses an unprecedented level of data protection, but it isn’t a cyber-security “magic bullet”.

Many of us use the cloud every day without even realising it: Gmail, Google Drive and Dropbox are just a handful of cloud apps which have become crucial to our professional lives. The obvious security advantage of the cloud is data protection: gone are the days of forgetting to save, along with the threat of theft, natural disaster and even the dreaded coffee spill.

Cloud computing does not, however, eliminate security concerns and not a week goes by without some high-profile hacking incident or malicious malware outbreak. Since businesses use a greater volume of cloud services than other users, and with greater frequency, cyber-security remains a priority concern. Moving your operation to the cloud changes the way you do business – but it should also change the way you think about data security.

When you incorporate the cloud into your operation, it’s important to understand you are relinquishing control of some element of your infrastructure. While simple cloud storage may be low-impact, other services move computing processes into an off-site virtual environment – along with the virtual security risks that entails.

The security policies of your cloud operation should reflect the evolving nature of hacking and malware threats, meaning your employees should be given up-to-date training to deal with breaches. “Insider” attacks from employees, current and former, also mean more stringent recruitment criteria will be necessary.

Application programming interfaces (APIs) are sets of instructions integral to the orchestration and management of your cloud services. Your employees’ interactions with the cloud will involve constant use of APIs: the more functionality they offer, the higher the risk of data exposure. Ensure you assess and understand the security implications of your cloud provider’s API set-up.

Whether through malice or accident, data stored on the cloud can and does get lost. A lightning strike recently caused permanent data loss at one of Google’s data centres – luckily, personal back-ups meant users’ data was ultimately recoverable. Although the cloud provides a powerful safety net, backing up on-site or via another cloud service is the best way to protect your business.

Cloud services are becoming ubiquitous and offer attractive solutions to processes which, in the past, took time, effort and expense. Unfortunately, this simplicity can tempt businesses to overlook the importance of their own established security policies.

You don’t have to plunge headfirst into the cloud “deep end”. Hybrid options are available which combine the use of on-site backup and storage with specific cloud services. While the cloud promises a revolution for businesses of all sizes, your success will rely on a sensible integration process. If you run before you can walk, you risk exposing yourself to unnecessary security risks and, worse still, damaging the confidence of your customers.

Steve Ross is managing director of Shackleton Technologies