Many decision makers do not realize that moving their applications to the cloud might actually increase their security and reliability versus on-premise data centers. On the surface this may seem counter intuitive because many think about the cloud and see an increased exposure to malicious actors. Although we have all heard about companies being hacked or having their networks locked out by ransomware, the reality is that a carefully planned migration can not only help prevent or reduce the damage from an attack, but it can also allow for a quicker recovery in the event of one.
Today, even the most conservative organizations have some portion of their data in the cloud. This migration began with basic business applications, but with the roll-out of O365, almost all collaboration is done in Microsoft’s cloud. Other examples of applications that are in the cloud include:
- Expense systems
- Applications (CTRM, ERP)
- Market Data
If you are considering moving applications to the cloud and worried about security, here a few reasons to give comfort that the cloud is indeed safe.
1. Almost everything can be encrypted
Data in the cloud can be stored and transmitted in a way that prevents easy access to critical information. For example, transaction data can be stored in the database or on servers in an encrypted fashion (“encrypt at rest”) that makes it very difficult to steal. When it comes time to transmit this data it can also be encrypted so that only the intended recipient can access it (“encrypt in flight”).
- Data can be encrypted at rest
- Data can be encrypted in flight
Cloud providers support many forms of industry standard encryption models and have integrated this support into their service offerings so that managing encryption keys is not a complicated process nor is moving data between services in a secure manner. Whether or not you require encryption to be performed on the client prior to transmission or on the server post reception there is native support already designed into the platform.
Additionally, cloud providers make available to the users, tools and services for encryption so they can benefit using the same system for any custom needs.
It’s important to note that major cloud providers have made significant investments in security R&D and have already been certified by leading regulatory bodies for having compliant services for data security and controls with regards to health, finance and personal information among other certifications.
2. Cloud providers are constantly investing in security
Cloud providers understand that keeping their customers’ data safe is critical to their business model. Amazon invests more into security most years than what could be an entire IT budget for many companies. Due to its size and scale, AWS builds its security controls in-house, which means that it is probably ahead of commercially available software.
Cloud providers are constantly on the lookout for threats (e.g. DDoS) and are rolling out updates for protection. Customers benefit from operating on the latest security definitions and they do not need a big IT team to take to manage their roll-out. For our customers we also recommend monthly maintenance for applications and servers so that we can accept the updates. For example, within AWS we update workspaces as part of this maintenance window.
3. Data can securely be accessible from anywhere
While the data can be accessed from anywhere, an equal level of rigor must be applied to limit who has access to data and how that data is accessed. Since the applications are in the cloud, all that is needed is an internet connection and a cost-effective integrated VPN solution. VPN solutions help to keep all communication points protected. If an externally visible access point is required, the data should be exposed in a way that minimizes exposure to the internal company servers and keeps them securely hidden in the cloud ether.
4. Limiting local installs decreases security risk
It is important to design cloud systems with the basic assumption that malicious users are working to gain access to your system and data. A key feature of the cloud is that cloud applications can be accessed from anywhere via multiple devices, meaning that very little needs to be stored on the client machines. One benefit to this approach that is that if a machine is stolen then it will contain very little data locally and the user can pick up from a new machine when it is available. In our experience, users and end-point devices remain the greatest vulnerability when it comes to managing the cyber security threat landscape. Minimizing the amount of company data moving outside the company network allows organizations to limit the impact when something inevitably will go wrong. It’s important to note that not all security breaches are caused by poor cloud data. Breaches can occur due to human error and these security risks can be managed by reducing local installs, strong password requirements and encryption.
The cloud can help to reduce the security risks for many organizations. A well thought out plan will not only decrease risk, but it will also produce efficiencies for the organization. If you are considering the leap, please see our blog, Why It’s Time to Move Your Business System to the Cloud.
At Veritas Total Solutions, we are experienced in cloud transformation. We offer a range of technology solutions across the business spectrum including cloud planning and migration. If you are interested in learning more about our specific capabilities, contact us to learn more or subscribe to our blog to stay connected!