When it comes to asking questions about the Cloud, one of the most popular questions to ask is how safe is the Cloud? The security of your data and your company is paramount, and as such, knowing how safe the Cloud is before moving into it is equally as important. To understand the safety of the Cloud we must consider the subtle differences between security ‘of’ the Cloud and security ‘in’ the Cloud.
It is extremely important to understand the Shared Security Model. Cloud security is a shared responsibility equally between the Cloud service provider and the organisation using the Cloud services. While the Cloud service provider is responsible for the infrastructure upon which the Cloud based services run, the consumer is equally responsible for the management, security, and protection of their businesses IP or data. You cannot abdicate this responsibility to the Cloud provider.
A simple yet vastly often overlooked example of the Shared Security Model is Office 365. Contrary to popular belief, there is a misconception that Microsoft fully backs up your Office 365 data (i.e. Email, SharePoint & OneDrive) and provides the same level of enterprise data protection services that have traditionally been provided by in-house IT teams. Once aware of this many of our customers now protect their Office 365 data with our secure SaaS backup service. This protects your Office 365 & Salesforce.com data so it can be recovered if it is deleted accidently, or via more malicious behaviour.
Multi-Level Cloud Security
Cloud security operates on many levels. It records any attempts to breach the security of your data or operations, including tracking of logins which have accessed the Cloud at any time, and what they have done while inside the Cloud. This combined with a plethora of preventative measures such as advanced firewalls, intrusion detection, and heavy encryption can make the Cloud just as or even more secure than most other forms of traditional IT.
In a hybrid or multi Cloud world IT operations essentially have no borders. It is therefore important to recognise that the ‘old way’ of protecting your organisation with a number of stand-alone security products is no longer sufficient. These traditional on-premise security tools are not designed to operate in dynamic multi Cloud environments. Recently, a global client of ours asked us to undertake a security assessment. They felt that their organisation was effectively secured with their existing on-premise firewalls but wanted to check. One of the first things our team noticed was a large amount of data being transmitted to Russia (where they have no offices) on a regular basis via a compromised SaaS App.
This means that it is imperative for organisations to be well informed about maintaining security when accessing and operating online or handling sensitive data. A recent report from the analyst firm Gartner, proposed that within the next five years, nearly every breach of Cloud security will be at the fault of the operator, not the service provider. So, having a team that is educated and aware of the dangers present in the hybrid or multi Cloud world is invaluable.