You may have heard people say, "we want to move to the cloud." But, what is "the cloud?"
Besides being one of those trendy tech terms a lot of people use, but can't clearly define. The cloud is not a physical thing. The cloud is a network of servers, and each server has a different function. Some servers use computing power to run applications or deliver a service.
For example, Microsoft Office 365 is a subscription plan that includes access to Microsoft Office applications, plus other productivity services that are enabled over the Internet (cloud services). The fully installed applications include: Word, Excel, PowerPoint, OneNote, Outlook, Publisher, and Access.
Therefore, the cloud is a network of servers and some servers provide an online service, and others allow you to store and access data like Instagram or SharePoint.
As a Director of IT, Project Manager and Entrepreneur, I can tell you that the reason companies move to the cloud is often financially motivated. Companies used to buy their own hardware equipment, which depreciated over time and had to be maintained. But with the cloud, companies only pay for what they use. This model makes it easy to quickly scale up or down.
What are the dangers of putting my data in the cloud?
The following are ten threats of cloud computing
- Data Breach: Data breaches can result in the loss of sensitive information. The nature of cloud computing, utilising remote computers performing parallel tasks, leaves it open to malicious infiltration.
- Data Loss: Data loss may occur because of an accident. For example, when a disk drive dies without a backup. Data can be lost because of human error in an unimaginable variety of ways.
- Account or Service Traffic Hijacking: Account hijacking is a problem in the cloud and it is all too easy for hackers to obtain credentials through phishing and other social engineering techniques that can lead to gaining control over a user's account.
- Denial of Service Attacks: Denial of service attacks (DoS) have been around a long time. Like account hijacking, DoS attacks remain a threat everywhere, but especially in cloud computing with its network of virtual machines. A denial of service attack might diminish service without quite shutting it down.
- Malicious and Careless Insiders: Another old threat comes from inside – unhappy employees. Of course, the existence of this threat is also not specific to cloud computing, but the scale of potential damage is much greater, because a breach compromises not only the company, but all other tenants.
- Insecure APIs: To provide services such as platform services, application programming interfaces (API) are made available to integrators and developers. These APIs, being in the cloud, are now theoretically accessible from anywhere on the Internet. Malicious attackers can access the service using an API, essentially building their own application, and use it to manipulate a customer's data.
- Abuse of Cloud Services: A hacker might also use cloud servers to deploy malware or launch DDoS attacks.
- Insufficient Due Diligence: For some small business, a knowledge gap can prevent sufficient exercise of due diligence when hiring a cloud service provider. Without knowing quite what they are contracting for, customers can find a mismatch between what they think they are getting and what a CSP can provide. Asking the right questions is vital, therefore, to understanding the contractual obligations and liabilities of provider and customer.
- Shared Technology: Cloud computing by its definition – that of shared infrastructure – depends on the cooperation of multiple devices in a virtual environment, and in such an architecture, the infiltration and control of just one of those devices exposes all customers to a breach who are tenants in that environment.
- Reliability and Availability of Service: Part of the benefit of moving to the cloud is the ability to work pervasively. However, even where the CSP has been utterly responsible with ensuring uninterrupted power sources and redundant backup, some downtime is inevitable. Customer failure, also, must be accounted for. If applications and services are critical to the business, then the customer must maintain an alternative power source (UPS) to ensure its own ability to connect to the Internet. Or even implement a backup solution like "Backupupify."
What are the benefits to working in the cloud?
I firmly believe that the benefits in using the cloud out-weigh the risks. For instance, I can counter the ten risks above with ten reasons for using the cloud. For instance:
- Flexibility: CIOs and IT Directors rank 'operational agility' as a top driver for cloud adoption.
- Disaster recovery: Small businesses are twice as likely as larger companies to have implemented cloud-based backup and recovery solutions that save time, avoid large up-front investment and inherently offer disaster recovery services.
- Automatic software updates: Suppliers take care of the servers and roll out regular software updates – including security updates – so you don't have to worry about wasting time maintaining the system yourself. Leaving you free to focus on the things that matter, like growing your business.
- Capital-expenditure Free: Cloud computing cuts out the high cost of hardware. You simply pay as you go and enjoy a subscription-based model.
- Increased collaboration: When your teams can access, edit and share documents anytime, from anywhere, they're able to do more together, and do it better. SharePoint, a cloud-based workflow and file sharing application, helps your team make updates in real time and gives them full visibility of their collaborations.
- Work from anywhere: With cloud computing, if you've got an internet connection, you can be at work.
- Document control: The more employees and partners collaborate on documents, the greater the need for watertight document control. Before the cloud, workers had to send files back and forth as email attachments to be worked on by one user at a time. Invariably you end up with a mess of conflicting file content, formats and titles.
- Security: Lost laptops are a billion-dollar business problem. And potentially greater than the loss of an expensive piece of hardware is the loss of the sensitive data inside it. Cloud computing gives you greater security when this happens because the data is in the cloud.
- Competitiveness: Moving to the cloud gives access to enterprise-class technology, for everyone. It also allows smaller businesses to act faster than big, established competitors. Pay-as-you-go service and cloud business applications mean small outfits can be competitive.
- Environmentally friendly: Small carbon footprint.
So, what's the answer?
Being in the IT business for over 30 years I firmly believe that if you have not been thinking about moving your business to the cloud you need to seriously think about it. Despite the practical benefits, cloud computing should not be adopted without a thorough understanding of cloud security concerns. These risks can be mitigated, and a good understanding of cloud computing should include this discussion. Some strategies for risk mitigation include:
- Prohibiting the sharing of account credentials between users.
- Utilising strong two-factor authentication techniques.
- Perform effective due diligence when researching a cloud service provider.
- Work with an expert to assure cloud security on a regular basis, either as a consultant for your business, or perform third-party audits to ensure that your CSP is compliant with your industry's standards of security.
- Outdated operating systems, like Windows XP and outdated browsers, like Internet Explorer 7, put you at risk even if you have taken all other appropriate defensive action. Get those updated.
- Even if your data is in the cloud backup your own data. Don't rely strictly on the CSP.
Who are we?
Since 2001 Reis Information Systems have been handling the Information Technology needs of hundreds of companies. These companies have relied on our expertise to manage the day-to-day help desk and administration to complex Cisco networks and VMware private cloud systems.
We are specialists in:
- Cisco / Meraki networking
- VMware private cloud solutions
- Datacenter management
- Backup and Disaster Recovery (BDR)
- SAN storage systems
- Managed Security and Penetration testing
- Secure Application Hosting, and Web hosting
- Hosted Exchange
Located centrally in Kitchener within the Waterloo Region, we support hundreds of locations across Canada, the United States, Bermuda, Brazil, Germany and various other parts of the world.
For more information please contact Rique Reis at Reis Information Systems