In short, the cloud is really just someone else’s server. But the compelling feature is that it is one or more servers that we can access through the Internet and that provide subscribers with the necessary computing resources. The cloud is a 21st century solution to a problem inherited from the 20th century, when computing resources were scarce and expensive. As a result, organizations were always at risk of not being able to maintain their systems on-premises. Profit-maximizing organizations quickly responded with several variations offered as a service. Implementing and maintaining our own hardware and software solutions is no longer the only option. We now have the ability to migrate our infrastructure to a cloud platform, as well as work with application-specific service providers for enterprise-wide services such as time management, business resource planning, sales pipeline tracking, financial systems and human capital needs. Ultimately, the goal is to free ourselves from the stress and risk of maintaining and upgrading our own systems. While this strategy may alleviate some of our concerns, in the tech world nothing is risk-free or immune to security concerns, and cloud strategies are no exception.
We have neighbors in the cloud
While there are options for subscribing to a private cloud service, most find the cost of the public cloud to be significantly lower. And so, we knowingly subscribe to services in which we share servers with several other subscribers. In addition to a lower cost, we also get the benefit of knowing that if there is an issue that affects our organization, it will also impact all of the neighbors with whom we share the cloud space. This means additional pressure on the service provider to ensure that issues are identified and dealt with promptly.
Cloud Security: Sometimes Things Go Wrong
While in theory, cloud solutions can help mitigate our business’ strategic risk, there are still some important considerations when you start to embark on this path.
When you have neighbors in the cloud, there is always the risk that other subscribers, accidentally or maliciously, may gain access to your data. As with any system, cloud security is as good as the architecture requires. As subscribers, however, we are unable to see the details of the architecture developed by the service provider. By its very nature, sitting on a shared server and sharing resources is not as secure as having a physical server on-premises that hosts your business applications and data storage. It’s also worth noting that the world of cloud computing is rather young and most Software as a Service (SaaS) vendors are less mature than they would suggest. Although the initial architecture may have been thoroughly developed and secured with extensive quality assurance testing, in reality it is the immaturity of the supplier’s business and change processes that introduces risk into the equation. The key thing to remember is that when it comes to cloud service providers, one may want to analyze their level of business maturity. Partnering with a young entrepreneurial cloud service provider may not be in our best interest. Where shortcuts are taken, security holes exist.
Lack of standards
Closely related to the above points, I would like to introduce standards. Standards are the younger brother of commercial maturity. There is a rule of thumb that we learn very early on in the business process optimization world: there must be evidence of documentation, evidence of implementation, and evidence that the process is repeatable. If we all write and follow a different process to achieve a business goal, it is not a standard and would not pass the business process optimization smell test. The standards, or more likely their absence, will become evident very early on when working with a cloud service provider that has not yet reached a level of commercial maturity.
An API, or application programming interface, is a gateway that allows different applications to communicate and access data. APIs are commonly used to move data back and forth between a cloud environment and another application. When we move applications to the cloud, it is highly likely that we will continue to move data to and from the existing applications that our organization needs to do business. The challenge is that we are often limited to using vendor-developed APIs, which also means we need to be confident that the proper security is in place. API gateways are a target for hackers because they present an entry point. If the plan is to continue moving data between the cloud service and internal applications, it is worth considering deploying API security that is implemented and controlled by your business.
Inability to extract your data
When you subscribe to a cloud service, never lose sight of the fact that the data belongs to your organization. Part of any migration strategy should be knowing how to extract your corporate data if your strategy changes. Ideally, you want to be the one in control, whether through reporting capabilities that allow you to run this information on demand or through a more technical strategy using APIs. Before you archive historical apps, make sure you know how to extract your data and where it will end up when extracted. This can be part of the semi-annual backup and restore tests. We all do this twice a year, right?
Lack of control over who can access your data
This is a difficult question. When setting up and implementing any cloud migration project, we need to work closely with our cloud service provider. In many cases, this will include engaging an implementation partner for more complex implementations. This means knowing that subject matter experts from one or more external organizations may have full access to our data. While cleansed or scrambled data can sometimes be used, in many cases, such as financial or payroll systems, we ultimately need to use real data for parallel and user acceptance testing. This is when it becomes very important to collaborate with named resources and understand the service provider’s policies regarding secure landing points for file transfers. In light of the recent work-from-home strategies that most of us are employing today, we need to be sure that our data is not on someone’s home computer hard drive. Understand the standards used by all the cloud service providers you negotiate with, and of course, nondisclosure agreements are a necessary administrative tool.
With great power comes great responsibility
As we gain acceptance and harness the power of the cloud, we need to ensure that we continue to take ownership of the security of our technology. While we can assume some security expectations from a cloud service provider, the reality is that we are going to be moving in next to neighbors we know nothing about. At best, let’s hope they keep a tidy garden. But remember that every town is home to at least a few crack houses.