Select Page

Cloud Computing Security

Cloud computing exposes organizations to substantial new security risks, which often means taking a new approach to cloud security. Remember, even if you are using a public cloud service for data storage, it is your data and ultimately your responsibility for security, data protection and regulatory compliance.

Given the challenges and risks, it is no surprise that security and data protection remain the chief concerns for security professionals in moving to the cloud. A recent study found that their top concerns are: protection against data loss (57%); threats to data privacy (49%); and breaches of confidentiality (47%).

It is important to work with a provider that is not only focused on security, but also takes extra steps to strengthen protections against data loss, threats to data privacy and breaches of confidentiality.

1. Advanced networking options

One of the biggest security risks with some public cloud services is that your data can be exposed to the public Internet. That doesn’t have to be the case. With the right solution, such as the Iron Cloud from Iron Mountain, you can leverage a carrier-grade network that allows for high data throughput with optional dedicated circuits, including a dedicated Virtual Private Network.

2. Data isolation with an offline gold copy

Ransomware is a rapidly growing security threat. Even if your data is in the cloud, there is still the risk of infection. The safest preparation against ransomware is to have your data isolated off-line, typically in a tape vault. Does your cloud provider offer an offline gold copy as part of its overall data management services? With most providers, you will have to set up a separate operation and infrastructure to achieve that. Iron Mountain’s Iron Cloud is the one exception, offering integrated offline protection as part of its service capabilities.

3. Data encrypted in transit and at rest

When you are moving data to the cloud or between clouds, it is particularly vulnerable to loss or attack because you can lose visibility and not be aware of problems until they are too late. By encrypting data both at rest and in transit, your provider can offer an extra layer of protection that can significantly reduce risk of data loss or exposure of confidential records.

4. Role-based access controls

Consistent enforcement of policies and governance is a critical aspect of cyber security. In managing your data in the cloud, you should leverage services that support enforcement of role-based protections such as role assignment, role authorization and transaction authorization.

5. Flexibility in deployment models

Many of the leading public cloud services offer limited deployment options that are not specifically focused on the security challenges of data management. They are typically designed for volume rather than security. In evaluating suppliers for data management, look for these key capabilities to ensure you have the flexibility to address today’s most pressing security and compliance concerns:

  • Multiple deployment models, including private, public and hybrid cloud.
  • Comprehensive managed services, including data migration and data restoration services.
  • Scrapabill Webmasters Cloud Security Recommendations
  • Enterprise-class customer support.

6. Using Trusted Software

Obtain software from known, trusted sources and ensure that mechanisms are in place to provide and install updates in time.