What to look for in a secure cloud system

Not all cloud products support the same level of security, so what should organisations be looking out for?

Blue square background with a yellow cloud superimposed, with a cut-out key icon on it to represent cloud security

Cloud security is the top priority for IT professionals in 2019, according to a survey from NetEnrich. This isn't a surprise, given the implementation of GDPR, and large-scale data breaches frequently hitting headlines over the past year.

Against this backdrop, it is understandable that there are still a sizeable number of businesses who are reluctant to fully embrace cloud computing as part of their business practice. But although this concern isn't unjustified, cloud providers are increasingly putting security at the forefront of their products. By using military-grade defences, providers can protect their clients' data and ensure their environments are as safe as they possibly can be.

But as is the case with other features of cloud services, not all products are equal and some provide better levels of security than others. This isn't because cloud providers don't realise the need for solid defences, but because different products are designed for different use cases. Some are designed for highly regulated and sensitive industries, while others don't need to be so locked down.

A recent survey from Ingram Micro revealed that high levels of security are the most important thing that 83% of IT professionals look for when choosing a cloud solution, with competitive pricing being the next most important at 74%. If you're unsure about what to look out for when choosing your cloud provider and service, here are four things to explore from a security point of view.

Information access

The first thing to check for in a cloud solution is the ability to share information across departments. This functionality is key for CIOs looking to transform their businesses by improving customer experiences and organisational agility, while also introducing new digital revenue streams. 

Corporations run hundreds, and sometimes even thousands of interconnected applications to support their operations. Traditional solutions store information in many different places, so keeping those systems in sync is a challenging task.

Advertisement
Advertisement - Article continues below

True, multi-tenancy SaaSwith human resource, finance and planning data stored in one applicationmakes all of this much easier. This central design has many benefits, including all systems working from a common framework, so there are no inconsistencies in data. It also eradicates the disconnect between the system and its users; a problem prevalent in many legacy systems.

Consequently, overall security improves with a single version of the software that is continuously updated, scanned and patched. This is far better than working with multiple packages, and any security-related changes to the system architecture are relayed to all customers simultaneously. If a leading enterprise needs a stringent new security feature, it's available to an SMB as well.

Conversely, it's important to make access control a serious priority. The modern workforce comes paired with all sorts of different hardware, meaning a spread of data across more access points, increasing the likelihood of a vulnerability. By prioritising an access solution involving vetting applications used, specifying permissions and setting policies, the correct employees can access the tools they need in order to work efficiently.

Encryption benefits

In the old days, corporations relied on firewalls to protect information, believing that once the business had warded off outsiders, information was safe. Since hackers can attack systems at different levels, such thinking is now very outdated. Once hackers gain access to a system, they stay, often working their way from low-level to high-level security clearances and compromising sensitive information.

Encryption serves as one way firms can protect themselves. Typically, data is encrypted in transit, which is a first rather than last step. Once information enters the data centre, it's unencrypted and therefore vulnerable. To address this problem, organisations need to encrypt information at rest in a persistent data store.

Unfortunately, these systems are complex and difficult to implement, so cloud services built on legacy architectures rarely support the encryption of all customer data at rest.

With modern cloud architectures, a good cloud vendor will take on those responsibilities, especially if privacy and security are embedded into the system from the beginning.

Eliminate passwords

With the troubling scale of malicious software available to hackers, the phrase password safety' is turning into an oxymoron. Google has released figures from its Password Checkup extension, revealing 1.5% of sign-in attempts are being made using details that have been compromised in data breaches. Despite users receiving notification emails stating their details have been compromised, only 26% took action to change their passwords.

Advertisement
Advertisement - Article continues below

To combat this issue and eliminate the need for regular passwords, cloud vendors can offer single sign-on (SSO), an authentication process that allows users to access multiple applications with just one set of credentials. The simplicity this provides would improve work efficiency, solidify general security and compliance, and produce a far better user experience too.

Unfortunately, over 50% of popular cloud services do not support out-of-the-box SSO. If your working with services that lack SSO, it's essential to create strong passwords that are captured and filled for the employee, maximising cloud security.

Support for third-party standards

Industry and government groups have designed various compliance frameworks to protect customer information, with increasingly tough regulations being introduced around the world. However, the specifications are only a starting point.

While assessing a solution, the various compliance standards and security implementations should be thoroughly examined. Is the service simply aligned with the standard or has the service been certified? How is the information stored? What level of encryption is supported? How are updates handled?

All cloud providers claim to have secure systems, but few offer the higher levels of protection needed for an enterprise's valuable data. Carefully examining a vendor's solution, however good it may seem on the surface, is the key to a compliant, breach-free cloud future.

Advertisement
Related Resources

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

Your first step researching Managed File Transfer

Advice and expertise on researching the right MFT solution for your business

Download now

The KPIs you should be measuring

How MSPs can measure performance and evaluate their relationships with clients

Download now

Life in the digital workspace

A guide to technology and the changing concept of workspace

Download now

Recommended

Visit/cloud-security/34458/what-is-cloud-security
cloud security

What is cloud security?

20 Sep 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/network-internet/34596/bt-unveils-barrage-of-new-business-services
Network & Internet

BT unveils barrage of new business services

9 Oct 2019
Visit/network-internet/33885/zyxel-nebula-control-center-2019-review-takes-all-the-pain-out-of-networking
Network & Internet

Zyxel Nebula Control Center 2019 review

21 Jun 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

4 Nov 2019
Visit/domain-name-system-dns/34842/microsoft-embraces-dns-over-https-to-secure-the-web
Domain Name System (DNS)

Microsoft embraces DNS over HTTPS to secure the web

19 Nov 2019
Visit/strategy/28115/the-pros-and-cons-of-net-neutrality
Business strategy

The pros and cons of net neutrality

4 Nov 2019
Visit/social-media/34844/can-wikipedia-founders-social-network-really-challenge-facebook
social media

Can Wikipedia founder's social network really challenge Facebook?

19 Nov 2019