Over the coming weeks I will bring you a series of blogs which will hopefully make your decision-making process more productive and help mitigate the security risks associated with using cloud providers.
We start with the security benefits of using the cloud, leading on to the risks and how great these risks are. Next are tips for SMEs to help them select a suitable cloud provider.
Things get a bit harder from now on and subsequent blogs will be aimed at procurement departments interested in procuring cloud services.
Key cloud security vulnerabilities are examined, followed by the information assurance requirements for the supply chain, personnel, operations, access management, asset management, portability, business continuity, and physical and environmental security, finishing off with the important legal stuff.
This wiki article is a good reference about Cloud Computing.
Six security benefits of using the cloud service “Software-as-a-Service (SaaS)”
1 – Benefits of Scale
There’s a fair chance that a cloud provider has a larger IT infrastructure than your own. Security measures are therefore also implemented on a larger scale, which makes them more cost effective than doing it yourself or outsourcing to an IT company.
Larger infrastructure brings economies of scale, which reduce the overall cost of security and thus allow a larger investment than is possible for many companies.
Cloud providers should have multiple locations, which provide much greater network resilience through replication, and this in turn reduces the risk of long outage times following a breach.
2 – Incident Management
A major issue for small companies is how they recognise and respond to security incidents. To start, a security incident is usually recognised when it is too late. IT support then needs to be called, the machines are removed from service and disinfected, and the “cleaned” machines are returned to service.
This raises several concerns for in-house IT solutions which should not apply to cloud services:
- The lack of security event logging and reporting to recognise security incidents at an early stage.
- The actual time taken to get IT support.
- Business continuity issues while the machines are being cleaned and brought back into service.
- Security breaches need specialists rather than IT generalists to deal with them, to ensure that the vulnerabilities of these machines are mitigated through correct re-configuration; otherwise the breach will most likely reoccur.
- The lack of security awareness within the company can also lead to breaches when further incidents occur.
3 – Cyber insurance
Most SMEs in the UK are not covered by cyber security insurance. To accommodate insurance companies’ requirements, security controls need to be put in place to reduce premiums, which smaller companies may find tedious and expensive to implement. The use of cloud services may reduce your insurance premiums if a reputable cloud provider is carefully selected.
4 – Security Conscious Cloud Providers
Cloud providers are in a highly competitive industry and their reputation is at stake if a security breach occurs; it is therefore in the cloud providers’ interest to use security as a market driver to retain and attract more customers.
5 – Scaling of Resources
As your business grows, more features may be needed. These new features are implemented by subscribing to a higher feature pack, and consequently security issues relating to these new features are readily taken into account.
A further benefit, in the event of a security incident such as a denial-of-service attack, is the ability to rapidly and dynamically reallocate customer resources to safety, thus dramatically reducing periods of customer outage.
6 – Software Patches and Updates
Pre-tested patches and updates are centrally managed and are therefore more likely to be rolled out faster and more regularly than on client-based systems, thus minimising the window of vulnerability.
Next time – The Security Risks of Cloud Services