In the wake of high profile data breeches, many IT professionals are increasingly preoccupied with how best to secure their valuable data, particularly if they’re considering storing it in the cloud. Russell Smith, Solution Architect at Pulsant, helps restore their faith in storage as a platform with some simple tips to getting a cloud solution they can trust.
1. Identify User Access Safeguards Make sure your cloud computing partner can supply specific information about the privileged administration rights to any information stored within the cloud environment, and can tell you exactly what access controls are in place.
2. Ensure Regulatory Compliance If you’re involved in a tightly legislated industry make sure your cloud platform supports any relevant data standards. For example retailers and ecommerce providers are required to ensure PCI DSS compliance. If the hosting platform is already pre-certified it can help reduce scope –lessening your operational burden without compromising security.
3. Specify Data Location For certain data applications, particularly those involving financial services or sensitive customer details, organisations may need proof of location. From a legal point of view, this may mean restricting it to certain countries. Some suppliers rely on offshore datacentres for storage provision. Make sure your cloud partner is aware of any location sensitivity and can respond with clear and exact details of where your data is stored. Getting your cloud from a local datacentre can also help address issues associated with latency if you need to be able to access information in real time.
4. Insist on Proper Data Segregation Firewalls are vital in the cloud. However, some cloud vendors provide access to a virtual machine (VM) on the internet, leaving it to the business to lock down their data on a local level. Ensure your provider uses virtual datacentre technology to provide segregated environments on a shared platform and can provide assurances and service levels that ensure nobody else will be able to access your data.
5. Outline Options for Recovery While not strictly a security concern, back-up is important to safeguard your data. Your cloud partner should be able to counsel you on worst case scenarios to help you ensure that the correct level of replication is built in from the outset and an appropriate backup regime is established.
6. Request Investigative Support To Flag up Risks This isn’t always practical in a large multi-tenant cloud environment, as distinguishing each business’ traffic from the other multitude of customers is extremely difficult. However, cloud providers like Pulsant, who specialise in bespoke solutions, can tie managed intrusion detection services within the cloud environment. This ensures that all data is passed through a network intrusion detection system (NIDS) device and monitored by support personnel 24/7. You get an instant alert if there is an attack and evidence and monitoring for retrospectively investigation should a breach be discovered.
7. Seek Partners With Long Term Viability And a Good Attitude Make sure your cloud computing vendor is stable and that your contract covers every eventuality; especially a safeguard should the provider be acquired by another company. This includes ensuring that there’s always a way of getting data back. Select a provider with open, helpful and customer focused support staff because, at the end of the day, security is about being able to rely on people you can trust.