​Securing the public cloud

It is your responsibility to understand the level of protection that your public cloud provider offers

Picture: theaucitron (Flickr)

Picture: theaucitron (Flickr)

The rapid adoption of mobility and cloud computing has seen the potential for a Cyber-attack to Australian business increase exponentially. Despite all the advancements in technology geared toward safeguarding your security posture, the fact is that both the number of attacks, and the severity of those attacks, continue to rise.

The Australian Cyber Security Centre 2016 Threat Report states, Australia continues to be a target of persistent and sophisticated cyber espionage. The cyber threat to Australia is not limited by geography; adversaries with even a transitory intelligence requirement will target Australian individuals and organisations regardless of physical location.” Business can no longer adopt the attitude that they are too insignificant to be on the radar of hackers - this is simply not true.

Each year, reports are generated showing statistics in relation to the number of Cyber-attacks that occurred that year against certain industry sectors, or using specific attack vectors. The truth is that these reports rarely give a true indication of the threat landscape, as many attacks against business still, to this day, go unreported. Australian companies continue to be persistently targeted by a broad range of malicious cyber activity that could potentially harm their reputation, reduce their competitive advantage in the market place, or worse – completely take down their business.

Companies moving to a cloud computing services model must understand they still need to take steps to ensure they address the same cyber threats that were present when they utilised a physical model. However, be it an on premise solution or hosted in the cloud, the correct implementation of a threat management system is a challenge for even the most highly resourced organisations, who quite often, don’t know where to start. Often companies put in place solutions that are poorly scoped, implemented incorrectly, or can become ineffective over time if not properly maintained. The outcome of this is a lack of visibility and insufficient protection.

One solution to this dilemma is to partner with a managed security provider, however it is important that companies do their homework and partner with a provider that is pro-active and trustworthy, in order to achieve the best outcome. It is also important that companies remain actively engaged in the implementation and ongoing monitoring of their security posture – this ensures they retain ownership of the security measures being put in place. A good security provider will encourage this collaborative approach.

If you are moving into or are already using services in the public cloud, it is your responsibility to understand the level of protection that your public cloud provider offers and what it is that you need to do to ensure that your information is effectively secured. There are a number of tier1 vendors that now provide solutions for protecting information being stored in the public cloud and it is important that you make yourself aware of these technologies and how to best implement and manage these solutions. As referred to above, if you do not have the technical expertise, strongly consider partnering with an organisation that does such as a managed security service provider with strong cloud awareness. Whether you partner with a service provider, or go it alone, visibility is key and will create the opportunity to make more informed security decisions and create a security posture that is more effective.

When designing your security environment, both on premise and in the cloud, consideration must be given to a wide range of issues. Some of these issues include whether your current software licensing will be transferable if you move from an on premise environment to a cloud environment and whether the cloud environment will serve your business as efficiently if you experience growth in the future.

Consider, also, what authentication will be required by your users and customers when accessing your services hosted in the cloud and whether the current connectivity you have is sufficient. In addition, is there redundancy in place should you lose your internet link or should the cloud service provider lose theirs? A simple example of this is a cloud service provider that comes under a DDoS attack - could they continue to operate in the event they were under a DDoS attack?

[Related: 4 advantages of moving to the cloud]

What about recovery? How quickly will you be able to recover if and when something does go wrong? What measures can you put in place to mitigate this risk?

Consider whether there are any government or corporate policies and regulations that you must be aware of, which may stop or limit where you can host your information? Some cloud services are hosted overseas - would hosting with these providers violate any relevant policy?

When moving your services to the cloud, consider the levels of contingencies that are offered by your service provider. Speed of service and recovery from an outage are but two metrics that should be factored into any measurement criteria. Have you converted the Operational Level Agreements that were in place when your infrastructure was housed internally, to SLA’s agreed with your cloud provider?

Lastly, consider whether the cloud service provider you have chosen can deliver on the service you want. Just as there are chasms of difference between the qualities of service of many managed security providers, so too is there vastly different levels of service from cloud service providers. Do your homework and know who you are partnering with.

Michael Demery is Director at Seccom Global

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags Cloudbusinesssecuritybusiness management

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Demery

PC World
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?