Still Wary About Security in the Cloud? Here's What to Look For

As originally published in the American City Business Journals.
The cloud computing market is, in three letters, H-O-T.
While hosted email and file storage have been massively popular for some time now, full cloud infrastructure is also on an aggressive upward trajectory; according to a Technavio report, the global virtual desktop market will grow at a pace of 11% each year through 2020.
While these trends are obviously good news to those of us in the cloud industry, this might actually be even better news for businesses who are moving toward a cloud model.

Why this matters

Basic economics will tell us that competition breeds better pricing and a better overall product. For cloud computing specifically, there’s one other element in particular that’s being affected by the state of the cloud market: security.
If there’s one obstacle that most often leads businesses to shy away from the cloud, it’s the fear that their data won’t be safe on another person’s servers (which is really all that a “cloud” is).
Sometimes these fears can be allayed with a simple fact sheet that spells out the provider’s security measures. Sometimes it takes a tour of the provider’s datacenter and seeing the controls in person. Either way, providers are increasingly tasked with demonstrating how exactly they will safeguard client data, and those who fall short… well, they won’t get the business.
In other words, even if a cloud provider didn’t take security seriously before, they have no choice but to get their act together if they intend to stay relevant.

New call-to-action


What to look for in a cloud provider

While we’ll see providers grow increasingly sophisticated as time goes on, there’s still a chance you’ll encounter a dud in your hunt for the right cloud provider. To help you identify the good ones, here are some qualities to look for:

  • A strong, confident client base. Technology is only ever as good as the people behind it, so you need to know that the company behind your cloud is worth its salt. Dig into their client base and make sure the company is well-regarded, that they’ve served organizations like yours before, that there haven’t been any major security incidents, and that they are generally a trustworthy bunch.
  • A robust datacenter. If you’re going to rely on your provider’s servers in their datacenter, you need to know that the datacenter has the physical and environmental controls, monitoring and alerting, redundancies, security traps, and staffing to keep your environment secure and running. I wouldn’t say that a tour is necessary, but details on the safeguards are.
  • Full disaster recovery capabilities. Backups are critical, but are insufficient on their own. Your cloud needs to have automatic failovers in the event of internet, power, and hardware failures, and your data should be live-replicated to a secondary location so that your environment is protected even if your primary datacenter were destroyed. Ask the provider “what if” and see how they respond.
  • Written data security policies. The provider should have documentation of their permissions, malware protection, patching policies and procedures, incident response policy and reporting, and other security policies that are currently in place. They should be able to share this documentation with you, too.
  • A roadmap for future security initiatives. Contentment is a dangerous thing when it comes to technology; hackers most definitely won’t stop advancing their methods, so your provider is obligated to do the same. Whether the roadmap involves migrating to a better datacenter, implementing data loss prevention (DLP), implementing two-factor authentication, or researching access based enumeration (ABE), there needs to be methodical forward movement. When evaluating providers, ask if they can give you a high-level explanation of their plan.

These, of course, should be considered your minimum requirements when selecting a cloud provider; those who cannot satisfy them won’t satisfy your needs – and they likely won’t last very long anyhow.
Ask the tough questions, trust your gut, and then enjoy your new home in the clouds.

New Call-to-action

Topics: cybersecurity, remote work, cloud, selection