​Securing the public cloud

It is your responsibility to understand the level of protection that your public cloud provider offers

Picture: theaucitron (Flickr)

Picture: theaucitron (Flickr)

The rapid adoption of mobility and cloud computing has seen the potential for a Cyber-attack to Australian business increase exponentially. Despite all the advancements in technology geared toward safeguarding your security posture, the fact is that both the number of attacks, and the severity of those attacks, continue to rise.

The Australian Cyber Security Centre 2016 Threat Report states, Australia continues to be a target of persistent and sophisticated cyber espionage. The cyber threat to Australia is not limited by geography; adversaries with even a transitory intelligence requirement will target Australian individuals and organisations regardless of physical location.” Business can no longer adopt the attitude that they are too insignificant to be on the radar of hackers - this is simply not true.

Each year, reports are generated showing statistics in relation to the number of Cyber-attacks that occurred that year against certain industry sectors, or using specific attack vectors. The truth is that these reports rarely give a true indication of the threat landscape, as many attacks against business still, to this day, go unreported. Australian companies continue to be persistently targeted by a broad range of malicious cyber activity that could potentially harm their reputation, reduce their competitive advantage in the market place, or worse – completely take down their business.

Companies moving to a cloud computing services model must understand they still need to take steps to ensure they address the same cyber threats that were present when they utilised a physical model. However, be it an on premise solution or hosted in the cloud, the correct implementation of a threat management system is a challenge for even the most highly resourced organisations, who quite often, don’t know where to start. Often companies put in place solutions that are poorly scoped, implemented incorrectly, or can become ineffective over time if not properly maintained. The outcome of this is a lack of visibility and insufficient protection.

One solution to this dilemma is to partner with a managed security provider, however it is important that companies do their homework and partner with a provider that is pro-active and trustworthy, in order to achieve the best outcome. It is also important that companies remain actively engaged in the implementation and ongoing monitoring of their security posture – this ensures they retain ownership of the security measures being put in place. A good security provider will encourage this collaborative approach.

If you are moving into or are already using services in the public cloud, it is your responsibility to understand the level of protection that your public cloud provider offers and what it is that you need to do to ensure that your information is effectively secured. There are a number of tier1 vendors that now provide solutions for protecting information being stored in the public cloud and it is important that you make yourself aware of these technologies and how to best implement and manage these solutions. As referred to above, if you do not have the technical expertise, strongly consider partnering with an organisation that does such as a managed security service provider with strong cloud awareness. Whether you partner with a service provider, or go it alone, visibility is key and will create the opportunity to make more informed security decisions and create a security posture that is more effective.

When designing your security environment, both on premise and in the cloud, consideration must be given to a wide range of issues. Some of these issues include whether your current software licensing will be transferable if you move from an on premise environment to a cloud environment and whether the cloud environment will serve your business as efficiently if you experience growth in the future.

Consider, also, what authentication will be required by your users and customers when accessing your services hosted in the cloud and whether the current connectivity you have is sufficient. In addition, is there redundancy in place should you lose your internet link or should the cloud service provider lose theirs? A simple example of this is a cloud service provider that comes under a DDoS attack - could they continue to operate in the event they were under a DDoS attack?

[Related: 4 advantages of moving to the cloud]

What about recovery? How quickly will you be able to recover if and when something does go wrong? What measures can you put in place to mitigate this risk?

Consider whether there are any government or corporate policies and regulations that you must be aware of, which may stop or limit where you can host your information? Some cloud services are hosted overseas - would hosting with these providers violate any relevant policy?

When moving your services to the cloud, consider the levels of contingencies that are offered by your service provider. Speed of service and recovery from an outage are but two metrics that should be factored into any measurement criteria. Have you converted the Operational Level Agreements that were in place when your infrastructure was housed internally, to SLA’s agreed with your cloud provider?

Lastly, consider whether the cloud service provider you have chosen can deliver on the service you want. Just as there are chasms of difference between the qualities of service of many managed security providers, so too is there vastly different levels of service from cloud service providers. Do your homework and know who you are partnering with.

Michael Demery is Director at Seccom Global

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags businessbusiness management

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Demery

PC World
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Cate Bacon

Aruba Instant On AP11D

The strength of the Aruba Instant On AP11D is that the design and feature set support the modern, flexible, and mobile way of working.

Dr Prabigya Shiwakoti

Aruba Instant On AP11D

Aruba backs the AP11D up with a two-year warranty and 24/7 phone support.

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?