For many companies, security in the cloud still comes with many misconceptions attached. European organisations, in particular, worry that storing their data on a third-party system equals giving that party complete control over it. But is that really so? What are some things that companies should think of when it comes to keeping their assets protected in the cloud? One thing is for sure: When you’re planning to migrate into the cloud, you need to bake security in to your plan from the start.
To put some perspective on it, the security you need depends on the potential threat you’re facing. Also, there’s more than one kind of cloud and it’s important to understand how each one stacks up against your traditional on-premise data centre. In other words, there’s no one answer to the question of cloud security. One fact, however, is that your average SME data centre can’t hold a candle to the defences protecting IT infrastructure in a public cloud. This is because the big hyperscaler companies invest the kind of money and other resources in IT security that a typical German SME simply can’t afford. The real risk, however, isn’t potential infrastructure downtime, it’s the who can access your data, and where. And is it safe when it travels from one service to the next?
All the services that employees use without the knowledge of your IT department are what make up your shadow IT. They piggy-back on your official IT infrastructure while remaining opaque to your organisation’s IT service management, both on the operational and strategic layers. And here lies the biggest risk of data leaks. Surveys across many companies have revealed that shadow IT is much more prevalent than projected in even the most pessimistic estimations.
I’ve seen first hand in a number of projects that the unintended loss of rights to intellectual property through the use of unapproved cloud services is a risk that many organisations underestimate.
The big-name public-cloud providers design their data centres to guarantee exceptional uptime. It is hence safe to assume that the public cloud is much more robust and protected against hardware downtime compared to your typical on-premise data centre. Another critical issue is the way your local resources connect to the cloud. As data travels from your premises to the cloud through common internet lines, which are not usually the responsibility of the cloud provider, it is advisable to have a contract in place with your ISP that ensures the required reliability and network redundancy.
Let’s go back to the right way of tapping into the cloud and the need for a consistent cloud strategy. There are a number of questions that companies need to answer: What kind of data do you want to keep where? Are there any legal restrictions to consider? How can you access your data when the usual ways are out of order (think backup)? Where does the cloud provider’s liability end and yours begin? In this context, it’s important to understand the shared-responsibility model, which means that while the provider makes a secure infrastructure available, it remains your responsibility to operate it and decide, for example, which data reside in the cloud.
We offer our customers expert consulting to help them tailor their optimal cloud strategy and architecture, as well as hands-on support for building hybrid cloud environments. We have designed a step-by-step model to give you the right kind of support at the right time, beginning with business architecture workshops to discuss and work out business requirements, to translating these into a suitable IT strategy and cloud architecture. A strategy is always about how you get from where you are to where you want to be. It is hence important to first understand the business objectives you want to achieve through your cloud strategy, and whether your primary goal is to reduce costs, increase flexibility, or something else altogether. When you choose Bechtle to help you develop your cloud strategy, you can be sure that you’ll not just have the technology sorted out, but also all your current and future business needs, complete with the right IT security.