Organizations migrating to a new IT environment, such as the Cloud, should always give serious consideration to the security of that environment. But how secure is the Cloud? If you don’t know exactly what piece of hardware your private data is found on at a given time, how do you know it is secure?
For those relatively new to Cloud, the first thing to be aware of is that while some of the tools and methods used to secure a network and data in the Cloud are different, the basic principles are the same as for any other environment. The next thing to know is that because the Cloud runs in data centers staffed by experts in Cloud services, data stored in the Cloud is “probably more secure than conventionally stored data,” according to Quentin Hardy, former Deputy Technology Editor of the New York Times[i].
How Cloud is Secured
Cloud security is achieved through the implementation of appropriate technologies and policies, as it is for other IT environments. Those used to secure the Cloud, however, are suited to agile environments and are certified by independent specialized third-party auditors. These audits provide a measure of assurance to customers that their Cloud provider has internal processes and capabilities for managing security that meet stringent standards.
The American Institute of Certified Public Accountants (AICPA) created the Statement on Standards for Attestation Engagements (SSAE) 16[ii] to provide a standard for service providers to report System and Organization Controls (SOC). A SOC 1 report details the controls used by the service provider to limit access to information systems. A SOC 2 report evaluates the system for security, availability, processing integrity, confidentiality or privacy, based on SysTrust and WebTrust[iii] principles.
Cloud providers with robust security can be certified to show they are compliant with HIPAA and HITECH regulations governing IT systems that handle sensitive health care information. For companies handling payment data like credit card numbers, Cloud providers, like Atlantic.Net, can also get audited for PCI compliance.
A service provider which has been audited and certified according to these standards has proven it has the technical capacity and procedures in place to provide robust enough security to protect the most sensitive business information.
Firewalls are the foundation of technical security for any network, including one in the Cloud. A firewall is a hardware or software system which applies rules to all traffic passing through the perimeter of a network. Data passing in or out of your Cloud environment is inspected and filtered by the firewall based on the rules, keeping suspicious traffic out, and sensitive data in. This is what provides the network barrier between your systems and other systems in the data center. Atlantic.Net integrates industry-leading firewall solutions and/or a custom proprietary firewall appliance to maximize the reach and effectiveness of this filtering. The rules governing the firewall must be managed to adapt to threats and maintain security, a process best handled by experts, often through a service provider.
The Cloud is further secured by other tools which provide anti-malware protection, intrusion prevention, integrity monitoring and logging. Specialized cyber security firms, like Trend Micro, one of Atlantic.Net’s security partners, provide these tools. Trend Micro is a global leader in cyber security solutions for business, and its Deep Security, which includes all the above tools, is one of the most trusted cyber security suites on the market.
HITECH – The Health Information Technology for Economic and Clinical Health Act.
PCI DSS – Payment Card Industry Data Security Standard.
Controlling access to your Cloud with a managed firewall appliance helps ensure the confidentiality of your data. Firewalls can identify who is requesting access to the network and whether they are authorized to access it. They also create logs that allow cyber security professionals to monitor network activity for signs of suspicious or risky access and, if necessary, adjust the rules to preserve confidentiality by blocking that traffic.
Confidentiality is further ensured with encryption. Data in storage, backup, or in transit over a network can be encrypted so that it is worthless to anyone who does not also possess the private key used to decrypt it, and reveals no sensitive information to them.
DDoS Prevention and Mitigation
Distributed denial of service (DDoS) attacks are costly and disruptive, and they can affect any size of business in any industry. They generally consist of a flood of traffic targeted at a certain element in the network with the intention of overloading that element to the point that it stops functioning as expected. Defending against these attacks requires the robust infrastructure of a service provider with a network geographically distributed across multiple points-of-presence. Service providers like Atlantic.Net, which operates six data centers across North America and Europe, can redirect traffic away from bottlenecks and divide it between data centers.
With Atlantic.Net’s Edge Protection, redundancy for your services is built into the network through connections with multiple diverse providers, so that if one is affected by a DDoS attack, others are available. Edge Protection also helps to mitigate vulnerabilities by shielding your server’s true IP address and location.
New Best Practice
Most enterprises and the majority of small and medium-sized businesses[iv] have been using the Cloud for years, and the number of companies of every size using the Cloud is increasing in practically every industry. Small and medium-sized businesses, enterprises, and governments are moving workloads to the Cloud, including their most sensitive data. This change is driven largely by cost, performance, and agility advantages delivered by cloud computing but also represents a vote of confidence from each organization that makes the jump to the Cloud.
Central to this confidence is the realization that service providers offer experience and expertise which are far beyond most organizations, particularly those not dedicated to IT services or related technical fields. Professional management is a major part of what makes Cloud or any other IT environment secure.
A quality service provider, such as Atlantic.Net, can identify and deploy the appropriate solutions to allow any organization to benefit from the agility and low cost of the Cloud while maintaining the security of the environment.