By Tim Mercer
With cloud computing prevalent in business as a way to store and share data, workloads and software, a greater amount of sensitive material is potentially at risk. Therefore, company leaders need to prioritize cloud security and know how to manage the risks, says Tim Mercer (www.timtmercer.com), ForbesBooks author of Bootstrapped Millionaire: Defying the Odds of Business.
“Cloud adoption is a business model that provides convenience, cost savings, and near-permanent uptimes compared to on-premises infrastructure,” Mercer says. “But cyberattacks continue to plague organizations of every size, and moving your IT infrastructure and services to cloud environments requires a different approach to traditional deployments.
“A private cloud keeps all infrastructure and systems under the company’s control, while a public cloud hands over the responsibility to a third-party company. In hybrid deployments, which most organizations adopt, some services are in the public cloud infrastructure while others remain in the company’s data center. Regardless of which cloud deployment you choose, you should know the cloud security basics or consult with cybersecurity experts before migrating to the new environment.”
Mercer offers five points company leaders need to know about cloud security to help manage their risks:
- Shared resources for multi-tenancy cloud customers. “Multi-tenancy refers to the shared resources your cloud service provider will allocate to your information,” Mercer says. “The way the cloud and virtualization works is, instead of physical infrastructure dedicated to a single organization or application, virtual servers sit on the same box and share resources between containers.” A container is a standard unit of software that packages code and helps the application run reliably from one computing environment to another. “You should ensure that your cloud service provider secures your containers and prevents other entities from accessing your information,” Mercer says.
- Data encryption during transmission and at rest. Accessing data from a remote location requires that a company’s service provider encrypt all the business’ information – whether at rest in the virtual environment or when being transmitted via the internet. “Even when the service provider’s applications access your information,” Mercer says, “it should not be readable by anyone else except your company’s resources. To protect your information, ask your service provider about what encryption they use to secure your data.”
- Centralized visibility of your cloud infrastructure. Mercer says it’s not enough to trust service providers; you’ll also want to verify that your data remains secure in their host environments. “Cloud workload protection tools provide centralized visibility of all your information so you can get adequate oversight of the environment,” Mercer says. “Ask your cloud company if they can provide you with security tools such as network traffic analysis and inspection of cloud environments for malicious content.”
- An integrated and secure access control model. Access control models remain a major risk in cloud environments. “Your provider should have cloud-based security that includes a management solution to control user roles and maintain access privileges,” Mercer says.
- Vendor sprawl management with threat intelligence. “In complex cloud deployments,” Mercer says, “you may end up using different vendors, each with its own cybersecurity framework. Threat intelligence solutions can provide you with clear insight into all your vendors and the latest global threats that could put your business systems at risk. A threat intelligence tool will gather and curate information from a variety of cybersecurity research firms and alert you to any vulnerabilities in your vendor’s system.”
“For any organization that’s considering a complete cloud migration, understanding the entire threat landscape is essential,” Mercer says. “A team of cybersecurity experts can assist with the planning and oversight of your cloud migration to mitigate risks and establish the necessary controls.”
About Tim Mercer
Tim Mercer (www.timtmercer.com) is the founder of IBOXG, a company that provides technology services and solutions to government agencies and Fortune 500 corporations. He also is the ForbesBooks author of Bootstrapped Millionaire: Defying the Odds of Business. Mercer was inspired to pursue a career in IT as a consultant after he became a telecom operator while in the U.S. Army. After growing up in difficult economic circumstances in the rural South, Mercer achieved success as an entrepreneur, then recovered from the financial crisis of 2007-2008 after starting IBOXG. The company has accrued over $60 million in revenues since its inception in 2008.