​Securing the public cloud

It is your responsibility to understand the level of protection that your public cloud provider offers

Picture: theaucitron (Flickr)

Picture: theaucitron (Flickr)

The rapid adoption of mobility and cloud computing has seen the potential for a Cyber-attack to Australian business increase exponentially. Despite all the advancements in technology geared toward safeguarding your security posture, the fact is that both the number of attacks, and the severity of those attacks, continue to rise.

The Australian Cyber Security Centre 2016 Threat Report states, Australia continues to be a target of persistent and sophisticated cyber espionage. The cyber threat to Australia is not limited by geography; adversaries with even a transitory intelligence requirement will target Australian individuals and organisations regardless of physical location.” Business can no longer adopt the attitude that they are too insignificant to be on the radar of hackers - this is simply not true.

Each year, reports are generated showing statistics in relation to the number of Cyber-attacks that occurred that year against certain industry sectors, or using specific attack vectors. The truth is that these reports rarely give a true indication of the threat landscape, as many attacks against business still, to this day, go unreported. Australian companies continue to be persistently targeted by a broad range of malicious cyber activity that could potentially harm their reputation, reduce their competitive advantage in the market place, or worse – completely take down their business.

Companies moving to a cloud computing services model must understand they still need to take steps to ensure they address the same cyber threats that were present when they utilised a physical model. However, be it an on premise solution or hosted in the cloud, the correct implementation of a threat management system is a challenge for even the most highly resourced organisations, who quite often, don’t know where to start. Often companies put in place solutions that are poorly scoped, implemented incorrectly, or can become ineffective over time if not properly maintained. The outcome of this is a lack of visibility and insufficient protection.

One solution to this dilemma is to partner with a managed security provider, however it is important that companies do their homework and partner with a provider that is pro-active and trustworthy, in order to achieve the best outcome. It is also important that companies remain actively engaged in the implementation and ongoing monitoring of their security posture – this ensures they retain ownership of the security measures being put in place. A good security provider will encourage this collaborative approach.

If you are moving into or are already using services in the public cloud, it is your responsibility to understand the level of protection that your public cloud provider offers and what it is that you need to do to ensure that your information is effectively secured. There are a number of tier1 vendors that now provide solutions for protecting information being stored in the public cloud and it is important that you make yourself aware of these technologies and how to best implement and manage these solutions. As referred to above, if you do not have the technical expertise, strongly consider partnering with an organisation that does such as a managed security service provider with strong cloud awareness. Whether you partner with a service provider, or go it alone, visibility is key and will create the opportunity to make more informed security decisions and create a security posture that is more effective.

When designing your security environment, both on premise and in the cloud, consideration must be given to a wide range of issues. Some of these issues include whether your current software licensing will be transferable if you move from an on premise environment to a cloud environment and whether the cloud environment will serve your business as efficiently if you experience growth in the future.

Consider, also, what authentication will be required by your users and customers when accessing your services hosted in the cloud and whether the current connectivity you have is sufficient. In addition, is there redundancy in place should you lose your internet link or should the cloud service provider lose theirs? A simple example of this is a cloud service provider that comes under a DDoS attack - could they continue to operate in the event they were under a DDoS attack?

[Related: 4 advantages of moving to the cloud]

What about recovery? How quickly will you be able to recover if and when something does go wrong? What measures can you put in place to mitigate this risk?

Consider whether there are any government or corporate policies and regulations that you must be aware of, which may stop or limit where you can host your information? Some cloud services are hosted overseas - would hosting with these providers violate any relevant policy?

When moving your services to the cloud, consider the levels of contingencies that are offered by your service provider. Speed of service and recovery from an outage are but two metrics that should be factored into any measurement criteria. Have you converted the Operational Level Agreements that were in place when your infrastructure was housed internally, to SLA’s agreed with your cloud provider?

Lastly, consider whether the cloud service provider you have chosen can deliver on the service you want. Just as there are chasms of difference between the qualities of service of many managed security providers, so too is there vastly different levels of service from cloud service providers. Do your homework and know who you are partnering with.

Michael Demery is Director at Seccom Global

Join the PC World newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags Cloudsecuritybusinessbusiness management

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Demery

PC World
Show Comments

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?