Better safe than sorry, how to approach Cloud Security

cloud-safetyI ride a motorcycle.  I ride it to work, I tool around on back roads every opportunity I have, do the occasional weekend trip and a cross country ride is on my bucket list.  Before I ride I always do a pre-ride check to make sure there are no issues with the bike and I ALWAYS ride defensively.  But here’s the thing - you can’t control everything.  I had an accident two years ago that totaled my bike and left me with a few scars.  As I was being dragged across the road underneath my bike, I realized the loud scraping sound was my head on the pavement.  I remember thinking “I am so glad I am wearing a helmet”.  I can’t even imagine what the results might have been after being dragged on my bare head for 50 feet at 30 miles per hour.  My mantra now is ATGATT (All the Gear All the Time).  Proper protection is the key to reducing and preventing injury.

So how does this relate to you and your cloud service provider?  Along with service, the security and protection of your data are two of the most important factors in determining which provider to choose.  Everything from the security of the site where your data is maintained to the cloud environment your data is stored in should be looked at.

Questions have to be asked:  How secure is the building where my data is stored? Do you have physical access controls?  What if someone tries to break into the building?  Are there burglar alarms?  Do you have a security company monitoring your site? What type of fire protection is in place?  What if the site goes down?  Is there a disaster recovery site that will allow me to access my data with minimal or no service interruption?

Regarding the infrastructure where your data is stored, the big question to be asked is “How are you going to protect my data?”  Here are a few systems your cloud provider should have in place to keep your data protected.

  • Security controls need to be in place in order to reduce and prevent security breaches.
  • Preventive controls can reduce and eliminate vulnerabilities.
  • Access management and strong user authentication will ensure authorized users are positively identified.
  • Detective controls will detect and react to any incidents that occur.
  • System and network monitoring tools are used to assist in detecting these issues. Corrective controls then limit the damage of an issue.
  • Corrective actions will be taken to address any issue that is detected by the detective controls; these actions are used during or after an incident. System restores via backup is an example of a corrective action.

So, proper protection is the key to reducing and preventing any damage to your data and to your business.  We can’t control everything, but we can do our best to minimize any issues that may come our way.  ATGATT!

Written by: Tony Hernandez
Cloud Command Center Engineer

Leave a comment!

You must be logged in to post a comment.