The security of the cloud is a hotly-debated topic. Despite the high adoption rate of the cloud, some companies are still reluctant to move to the cloud citing security concerns. Cloud providers take security seriously and, in many cases, the security of the cloud trumps the security that can be provided in-house. Here are some facts to consider:
1. Clients that share a public cloud cannot attack each other (as long as it is properly patched and maintained)
Cloud providers take many precautions to prevent attacks from other subscribers that share the same cloud environment. Hypervisors, which provide separation between customers occurs in a cloud environment, are extremely difficult to attack — however, the hypervisor must be properly patched and maintained. Additionally, the management layer can be isolated from the end user resources by placing it on a separate management network.
2. Clouds are not more vulnerable to external attacks than in-house networks
Data breaches, account hijacking, insecure APIs and denial of service attacks can happen in an in-house environment just as easily as in the cloud. Businesses must establish the same level of security that they would when deploying workloads using a hosting provider or their own internal IT infrastructure — this includes installing firewalls, vulnerability scanning, encryption, network intrusion detection and prevention, multi-factor access control and monitoring.
3. CloudTrust Protocol (CTP) helps establish visibility in the cloud
Security and transparency are key components to establishing digital trust with a cloud provider. CTP was created to generate evidence-based confidence that everything that is claimed to be happening in the cloud is indeed happening as described, and nothing else. With the CTP cloud consumers are provided a way to find out important pieces of information concerning the compliance, security, privacy, integrity, and operational security history of service elements being performed in the cloud.
4. Certifications are essential
From SSAE 16 for financial services to PCI-DSS for credit card processing and HIPAA for healthcare records — certifications and compliance regulations are the foundation for building a trustworthy service. Certifications aren’t an iron-clad guarantee of security, however, customers should understand the security capabilities and processes of their cloud provider as well.
5. You can control where your data resides
For businesses concerned with data residence, the choice of cloud provider must in part be based on where the provider operates cloud data centers. Also, private clouds provide a straight forward way for businesses to address data accountability and governance.
ACE IT Solutions delivers a portfolio of best-of-breed cloud computing solutions that are secure, cost-effective and flexible enough to meet the specific needs of any business. Through our closely-vetted technology partners, ACE IT Solutions is able to offer best-of breed-technologies that provide the highest-level of quality, reliability and security. Our cloud infrastructure solutions can support a broad array of workloads and integrate with your network and existing data and application management systems.
Contact ACE IT Solutions at (646) 558-5575.