Cloud Computing Security Answers Business Concerns
Audience: Business owners & managers
Because the term Cloud Computing is all-inclusive a lot of fear regarding security of cloud computing has arisen. Many business owners may incorrectly assume that Cloud computing is not ideal for their company or worth looking into for fear of security or loss of control.
This article will help business owners understand the basics to the different levels of security with respect to cloud computing and business use. We will also discuss some of the different aspects of cloud computing that are ideal for businesses to consider.
Cloud Computing Security:
Data Center Securityversus
Typical Office Security
A cloud computing security analogy for businesses considering cloud computing would be that of a standard house (for the average business level of security) to that of a bank. The bank is analogous to datacenters specifically setup for secure cloud computing needs. I won't delve into all the technical jargon, but simply understand that banks are designed knowing that they need to be secure, thus access is controlled, monitored and numerous contingency plans are in place for differing scenarios. The average office however may not have security cameras, monitoring, alarms, or various levels of access controls for the building access, or proper network access levels & auditing configured -should someone gain access to an employee's computer.
Today, most businesses have a full-time connection to the Internet just as datacenters do. However, in the cloud computing environment, which stores data in one or more data centers, the level of security and auditing for intrusion is far greater than that of a typical office.
Cloud Computing Security Analogy -step two. Many companies use cloud computing today, but in different ways. It is the large diversity that leads to excessive fear over cloud computing security. Keeping with our analogy, let's say there is another building, this time a place where many people come together and socialize, perhaps a club. Each club would have its own security policies and requirements and a breach in security in one club should not reflect a weakness in security for a bank. One building is configured for differing needs. The typical club has a lot of external social interaction, whereas the bank (secure data center) is built around secure storage and access.
Based off this analogy, most businesses are looking for the "bank" scenario. In cloud computing you will see this as "Virtual Private Cloud Computing".
Before I delve into Virtual Private Cloud Computing, as a business owner you may be thinking, I need my server(s) in my office regardless because my Internet may go down. We address this with Hybrid cloud computing. Hybrid Cloud Computing allows business to leverage Virtual Private Cloud computing (often for disaster recovery), and still keep their server(s) in their office. Hybrid Cloud Computing may be more ideal for businesses than a full cloud computing environment. Because of this, let's first look at Hybrid Cloud Computing as it affects businesses.
Business Examples of Hybrid Cloud ComputingHybrid Cloud Computing Scenario 1:
A business wants to ensure a good disaster recovery system is in place for their current operating environment. The business contacts their technology consultants that focus on cloud computing and/or hosted technology *. The consulting firm delivers Hybrid Cloud computing in the form of a box that sits in the office & connects to the local office network. The box takes snapshots of the current server(s) at a definable time period. Should the local server(s) fail - (such as due to a hardware failure); the box can start running in place of the failed server(s) using the last snapshot. So where a business could be non-operational for weeks, with this hybrid cloud computing scenario they can be operational in a few minutes.
One step beyond this is that the box can also send compressed and encrypted replications "images" to a datacenter (using Virtual private Cloud Computing) this replication or "image" can become active at the remote location so that core business operations can still be accomplished. This addresses the risk of theft, fire, power outage, or other "disasters" that would prevent the servers from running at the local office.
There are many ways to address disaster recovery. This scenario of hybrid cloud computing is ideal for businesses that are extremely sensitive to their servers being operational. Industries that may have extreme time-sensitivity to outages that warrant this use of hybrid cloud computing range from Healthcare, to Oil & Gas, Financial industry and more.
*If you are not aware of a good consulting firm, just let us know where you are located and we can suggest a reputable technology consulting company in your area.
A business doesn't want to tie up its capital in server equipment anymore, but has the need to keep the server(s) in the office "local". The business contacts their technology provider that offers on onsite hosted server for a flat monthly fee. (If you don't know of one, let us know and we will refer a reputable company to you). This box which can contain multiple servers is configured to run just like in the scenario 1 fail-over, but additional hardware changes to the box are typically done to make it more robust so that it is used as the primary local server(s).
Just like above, the box has the option to automatically send secure backups to secure datacenter(s). This scenario is very attractive for most businesses weary about using "Cloud Computing", or Virtual Private Cloud Computing as their main method of operation.
This scenario of Hybrid Cloud Computing can give the below benefits (and more) to business:
- Frees up capital for the business
- Provides a fixed monthly amount instead of an unknown variable amount the company will spend on IT services
- Shifts most of the risk from the company to the provider
- Keeps the data local
- Provides the framework for offsite of disaster recovery
- Like with virtual private cloud computing, it gives ability for the company to save in some software costs by not having to purchase it, but use on a monthly basis.
"Business Cloud Computing"- -Virtual Private Cloud Computing
With Virtual Private Cloud Computing, a business would have significant enough benefit to warrant moving their server(s) "to the cloud". Keeping with the analogy, think of a large building that has multiple offices in the building. This building has some floors that are secure, and have restricted access to enter and it is on one of these floors where your bank resides. This is the case with virtual private cloud computing. Your company's network environment and therefore business operating environment is built as a secure floor in this building (data center). Breaking from the analogy, unlike the real world of office building, your virtual private cloud computing environment can send encrypted images of its environment to a backup data center. In the off chance an entire datacenter goes down, just like with our hybrid cloud computing scenario of offsite backups, the fail-over datacenter(s), can activate the last image and be operational in minutes.
For peace of mind, some business owners want to have an image of their cloud environment stored to their local office as well. Thinking back of the hybrid cloud scenario, the local image could be loaded on a local box "server(s)" and be operational locally instead of in the cloud-based environment.
Security concerns with Virtual Private Cloud Computing
Now that we've done the build analogies, suppose the janitors, who have keys to all the offices decides to go raid the sensitive information in your virtual private cloud computing environment? So, the question here is What about the system administrators in the data centers who I don't know or trust?
An extremely valid point and there is definitely an answer. For most companies, especially small businesses, the level of security and authentication at data centers is enough. However, for some industries, and for some businesses more security is needed
Auditing & access control-
Auditing can be enabled so that business owners know who accessed (or tried to access) any file or folder, when, and what (if any) changes were made. Further, and in some highly sensitive cases we create folders that the owner is the only person who knows the password to. This means neither their cloud computing consulting firm, nor any administrator can access the folder without breaking the encryption on the folder. To make matters more secure the folder keeps a log (auditing) of every attempt to access, and when accessed who, when, for how long and what, (if anything) was changed. So with virtual private cloud computing there are multiple layers of security and auditing to protect a company's data. But knowing this, the question still remains ...
Is Cloud computing ideal for your business?
If so, is it something like the Hybrid Cloud Computing or Virtual Private Cloud Computing?
To help you see which is more ideal for your business operations, see our page on "The pros and cons of Cloud Computing". Which helps highlights many of the business benefits and the downsides as well.
Considering Cloud Computing for your business? We are here to help. Feel free to contact us, as we'd love to talk to you and help you determine if cloud computing would be beneficial for your company.
feel free to call us at: 907-375-8310