Is Cloud Computing Secure?
Every day, we’re deluged in massive amounts of data. We consume data, crave it, and share it with everyone around us. Our lives and livelihoods utterly depend on it.From our PCs to our Smart Phones, we’re awash in data of every description and security level.
And that fact clearly isn’t lost on hackers:
- Hackers Winning Security War: Executives – Reuters
- The Bright Side of Being Hacked – New York Times
- NASA Says it was Hacked 13 Times Last Year – Reuters
So how safe are remotely hosted, cloud-based solutions?
Despite the recent rash of hackings, the answer isn’t quite as black and white as one might think. Cloud computing and storage is not that much different from technology running in a traditional data center or virtual local network.
That brings us to the next question: How secure is any network? The fact is everything depends on the security protocols and practices the organization – any organization, for that matter – has in place. The security concerns are one and the same: data encryption, access control and security – both physical access to the servers as well as user logins, privacy, control, legal issues, and compliance with regulations. In the case of cloud computing, security is a collaboration between the provider and the client.
The good news is that cloud computing can be as safe as traditional on-premise solutions. In some cases, cloud computing can be safer due to:
- Timely Patches: Many providers, like Apptricity, will automatically patch their installations to increase or address security concerns. Since all clients are technically using one app, the update is done automatically and seamlessly. Ultimately, that means fewer patches IT personnel will have to install and less chance of a critical missed patch.
- Monitoring and logging: Since the application and data are stored in one place, it’s easier to monitor and log activities. Clients don’t need to figure out how much disk space they need for logs, as it all scales as necessary.
- Higher Standards: Providers are often held to higher standards, have more security resources, and have larger budgets in place to secure their servers. Security is one of the pivotal keys to our business; we don’t want to be on the “Hacked List” any more than you do!
Some things to consider when seeking a cloud provider:
Do they support your company’s security policies? Every company has their own security practices and protocols and no solution will fit every case. A provider should be flexible enough to support your security and offer a solution that’s tailored to your specific needs.
Do they encrypt their data? You’d be amazed at the number of business that still don’t encrypt their data. Despite all the recent hackings and hacktivist activities making the news, there are probably many more who have been hacked and don’t even know it! What about access to the encryption keys? Encryption is only as good as how the encryption keys are stored and used. That’s like locking your house up, but leaving the keys under the doormat. Praying no one looks only goes so far.
Do they limit physical access to the servers? Your data still resides on a very physical server. Just as your company might have strict protocols in place to limit access to their servers, the provider should do the same. Who has access to the servers? What measures have they taken to prevent physical access to the servers?
Do they offer security rules or policy-based management? Some solutions offer the ability to limit where and when the application can be used. Take Facebook, for example. Accessing Facebook from roughly the same geographic location will cause no issues, but it will ask for authentication if you try to access it from a location it doesn’t recognize.
Do they expire sessions or purge the cache? Say an employee goes home for the day, but leaves their workstation unsecured. Can the provider set it up so the session times out or purges itself from the browser cache after a set period of time? Laptops and other mobile devices have a tendency to come up missing all too frequently. Since the data is online, rather than residing on a user’s system, there’s less chance of it being leaked or stolen.
There are many more things to consider when selecting a cloud-based solution, but if the right steps are taken, it can be both secure and cost effective. For more information, visit these blogs:
For additional information about cloud-based expense management software, asset management software, invoice management software, or other applications to enhance business operations, visit Apptricity or contact us at 800.693.2193.