
How secure is cloud

CIOL Bureau

BANGALORE, INDIA: Cloud computing is rapidly moving from hype to a must-have service model.


The benefits are certainly real; however, a business must ensure that the cloud environment is secure enough for its essential data. The whole idea of business-sensitive data residing in some unknown location keeps CIOs and CSOs up at night.


Business leaders are concerned about how ready they are to address the issues that surface in every conversation about the cloud: security, privacy, availability, and data protection.

However, contrary to common beliefs on security, cloud can offer better security than internally housing data with on-premise infrastructure.


The reality and highly public profile of security lapses have not escaped the attention of top-tier cloud service providers. During the past two years, cloud providers have implemented critical controls and deployed technologies that aim to mitigate risks to reach a level of security that is trustworthy for critical data and applications.

Cloud service providers have developed suites of services designed to address cloud security on an end-to-end basis. For a company not in the business of infrastructure hosting, building similar expertise and implementing similar technologies for security results in huge investments in non-core areas of its business. However, a cloud provider can spread this cost across multiple clients.

Fool-proof physical security measures are adopted while designing and constructing cloud data centres. These include the following:


Carefully selecting the data centre region

Housing the data centres in nondescript locations

Securing the data centre perimeter and ingress points by deploying professional security personnel equipped with video surveillance, intrusion detection systems and other electronic systems


Using multi-factor authentication even for authorised staff


Defined business continuity and disaster recovery management systems are in place to address any unforeseen circumstances. Moreover, redundancy at each level of the cloud infrastructure ensures high availability of data.


Most public cloud providers today provide service-level agreements ensuring at least 99.95 per cent availability.

Within the cloud, each client’s stack can be kept separate from the others using instance isolation. With security measures deployed across each layer of the host and the guest operating system, an additional level of security is incorporated, separating the guest and the hypervisor.

Active monitoring of other security settings, such as configured inbound firewalls, signed API calls, and secure socket layer (SSL) encryption, protects the data contained within the cloud from being intercepted by unauthorised systems or users.


Authorised users of cloud are identified using techniques such as account identity and access management key rotation.

When data privacy is an issue, so too is compliance with regulatory requirements. Many of today’s privacy regulations affect where and how information can be stored or processed. Some cloud service providers are working on or are already compliant with various certifications and third-party attestations, viz. Sarbanes-Oxley, SAS-70, ISO27001, FIPS 140-2, SOC 1, SSAE 16, ISAE 3402.

Alongside, cloud service providers are addressing industry- and country-specific requirements, viz. HIPAA for the healthcare industry, PCI DSS for credit card transactions and FIPS 140-2, a US government security standard.


Reliable vendors should undergo regular audits that list controls around confidentiality, integrity, and availability of the data on their systems.

Finally, established formal policies and procedures around employee lifecycle management minimise physical and logical access to client data or cloud infrastructure, ensuring data security.

In today’s harsh operating environment, adding value and increasing efficiency are imperative; however, companies cannot overlook regulatory compliance, corporate governance issues and meeting stakeholder commitments, which are quintessential to any organization’s reputation.

Companies must carefully examine the capabilities of any potential cloud service provider. Security, compliance, availability, and scalability are all factors that must be thoroughly evaluated using a comprehensive methodology. Cloud providers and users can benefit from an independent and objective assessment of controls and policies related to cloud computing solutions.

For companies to reap the benefits of cloud, third-party assurance may be an ideal catalyst that CIOs and cloud providers should look forward to.

The author is leader of emerging technologies at PwC India.
