Atlantic.Net Blog

How Secure is the Cloud?

Organizations migrating to a new IT environment, such as the Cloud, should always give serious consideration to the security of that environment. But how secure is the Cloud? If you don’t know exactly what piece of hardware your private data is found on at a given time, how do you know it is secure?

For those relatively new to Cloud, the first thing to be aware of is that while some of the tools and methods used to secure a network and data in the Cloud are different, the basic principles are the same as for any other environment. The next thing to know is that because the Cloud runs in data centers staffed by experts in Cloud services, data stored in the Cloud is “probably more secure than conventionally stored data,” according to Quentin Hardy, former Deputy Technology Editor of the New York Times[i].

How Cloud is Secured

Cloud security is achieved by implementing appropriate technologies and policies, just as it is for other IT environments. Those used to secure the Cloud, however, are suited to agile environments and are certified by independent specialized third-party auditors. These audits provide a measure of assurance to customers that their Cloud provider has internal processes and capabilities for managing security that meet stringent standards.


Regulatory Compliance

The American Institute of Certified Public Accountants (AICPA) created the Statement on Standards for Attestation Engagements (SSAE) 16[ii] to provide a standard for service providers to report System and Organization Controls (SOC). A SOC 1 report details the controls used by the service provider to limit access to information systems. A SOC 2 report evaluates the system for security, availability, processing integrity, confidentiality or privacy, based on SysTrust and WebTrust[iii] principles.

Cloud providers with robust security can be certified to show they are compliant with HIPAA and HITECH regulations governing IT systems that handle sensitive health care information.  For companies handling payment data like credit card numbers, Cloud providers, like Atlantic.Net, can also get audited for PCI compliance.

A service provider which has been audited and certified according to these standards has proven it has the technical capacity and procedures in place to provide robust enough security to protect the most sensitive business information.

Tools

Firewalls are the foundation of technical security for any network, including one in the Cloud. A firewall is a hardware or software system which applies rules to all traffic passing through the perimeter of a network. Data passing in or out of your Cloud environment is inspected and filtered by the firewall based on the rules, keeping suspicious traffic out, and sensitive data in. This is what provides the network barrier between your systems and other systems in the data center. Atlantic.Net integrates industry-leading firewall solutions and/or a custom proprietary firewall appliance to maximize the reach and effectiveness of this filtering. The rules governing the firewall must be managed to adapt to threats and maintain security, a process best handled by experts, often through a service provider.

The Cloud is further secured by other tools which provide anti-malware protection, intrusion prevention, integrity monitoring and logging. Specialized cyber security firms, such as Trend Micro, one of Atlantic.Net’s security partners, provide these tools. Trend Micro is a global leader in cyber security solutions for business, and its Deep Security, which includes all the above tools, is one of the most trusted cyber security suites on the market.

Acronyms you need to know
HIPAA – Health Insurance Portability and Accountability Act of 1996.
HITECH – The Health Information Technology for Economic and Clinical Health Act.
PCI DSS – Payment Card Industry Data Security Standard.

Confidentiality

Controlling access to your Cloud with a managed firewall appliance helps ensure the confidentiality of your data. Firewalls can identify who is requesting access to the network and whether they are authorized to access it. They also create logs that allow cyber security professionals to monitor network activity for signs of suspicious or risky access, and if necessary adjust the rules to preserve confidentiality by blocking that traffic.

Confidentiality is further ensured with encryption. Data in storage, backup, or in transit over a network can be encrypted so that it is worthless and does not reveal sensitive information to anyone who does not also possess the private key used to decrypt it.

DDoS Prevention and Mitigation

Distributed denial of service (DDoS) attacks are costly and disruptive, and they can affect any size of business in any industry. They generally consist of a flood of traffic targeted at a certain element in the network with the intention of overloading that element to the point that it stops functioning as expected. Defending against these attacks requires the robust infrastructure of a service provider with a network geographically distributed across multiple points-of-presence. Service providers like Atlantic.Net, which operates six data centers across North America and Europe, can redirect traffic away from bottlenecks and divide it between data centers.

With Atlantic.Net’s Edge Protection, redundancy for your services is built into the network through connections with multiple diverse providers, so that if one is affected by a DDoS attack, others are available. Edge Protection also helps to mitigate vulnerabilities by shielding your server’s true IP address and location.

New Best Practice

Most enterprises and the majority of small and medium-sized businesses[iv] have been using the Cloud for years, and the number of companies of every size using the Cloud is increasing in practically every industry. Small and medium-sized businesses, enterprises, and governments are moving workloads to the Cloud, including their most sensitive data. This change is driven largely by cost, performance, and agility advantages delivered by cloud computing but also represents a vote of confidence from each organization that makes the jump to the Cloud.

Central to this confidence is the realization that service providers offer experience and expertise which are far beyond most organizations, particularly those not dedicated to IT services or related technical fields. Professional management is a major part of what makes Cloud or any other IT environment secure.

A quality service provider, such as Atlantic.Net, can identify and deploy the appropriate solutions to allow any organization to benefit from the agility and low cost of the Cloud while maintaining the security of the environment.

Atlantic.Net: Your Cloud Security Partner
With Atlantic.Net’s Managed Hosting solutions, we make sure your servers are secure. Featuring our world-class custom-built firewall and IDS, along with Trend Micro antimalware protection, you can rest assured your data is safe. Contact us today to get started.

[i] https://www.nytimes.com/2017/01/23/insider/where-does-cloud-storage-really-reside-and-is-it-secure.html?_r=0
[ii] https://www.ssae-16.com/
[iii] http://sas70.com/sas70_trustservices.html
[iv] http://www.rightscale.com/blog/cloud-industry-insights/cloud-computing-trends-2015-state-cloud-survey


Safety in Redundancy: Why It’s Important to Have Multiple Backups

By Derek Wiedenhoeft, August 3, 2017, under Managed Hosting

Everyone is familiar with the idiom, “it’s better to be safe than sorry.” It’s a good general rule to operate under, and that is certainly the case when it comes to the safety of your data. Whether it’s the files that make up your website or a database with sensitive information, it’s critical to your operations that there is always some way to restore your data so that you don’t suffer excessive downtime or, worse, fall out of compliance with the regulatory agencies that govern your industry. Yes, your backup solutions, or lack thereof, could be putting you at risk of being in violation of some laws.

If your business operates within the healthcare industry and creates electronic medical records, there are specific requirements in place regarding not only the storage of EMRs but also where you back up these records. These requirements can be found in the HIPAA Security Final Rule: the Data Backup and Disaster Recovery Specifications. There are certain backup elements that must meet contingency plan standards.



Security Penetration Testing: What It Is and Why You Need It

By Derek Wiedenhoeft, August 1, 2017, under Managed Hosting

If your bank is requiring your company to perform a penetration test as part of your PCI compliance, you’re not alone. Payment Card Industry Data Security Standards (PCI-DSS) are now requiring penetration testing (or pen tests) for all organizations that accept credit card payments. It’s an added way to ensure the security of credit card transactions and associated storage practices.

So what, exactly, is penetration testing? It’s a way to test your system’s security by trying to exploit its weaknesses. In the same way that the Federal Reserve requires FDIC-insured banks to undergo stress tests, penetration tests are safe methods of attempting to identify security weaknesses in your systems.  As the saying goes, one of the best ways to help protect against hacks into your systems is for someone you trust to try hacking into your systems. This will allow you to rectify security issues before they can be exploited by unauthorized individuals.



Can You Learn HIPAA Compliance in 5 Minutes?

With anything that’s complex and multi-faceted, it is not always easy to explain it to others. Oddly enough, it sometimes seems especially difficult to convey ideas when we are highly trained in the subject. We start to take the broader, basic-to-intermediate knowledge we have for granted, glossing over it as we focus at a higher level. Conversely, when we are learning about something new, it helps when we can get simplified, “boiled-down” essentials without any unnecessary legal jargon or other distractions. Well, here is an attempt to get to the essence, a Quick-Start Guide of sorts for HIPAA compliance that should only take you another 270 seconds or so to read. Forgive the lack of transitions from here forward – nuts and bolts only!



We can’t keep up with IT and we need help!

By Derek Wiedenhoeft, July 12, 2017, under Cloud Hosting

Until recently, businesses adapted to the computer age by purchasing desktop systems, and possibly servers, to run a local area network and maybe a website. IT needs have changed, however, with cloud-based productivity applications, electronic records, and mobile workforces. Keeping up with these and related innovations is vital to business efficiency and profitability, but IT teams tasked with making every digital element in the organization work, and work together, are often overwhelmed, leading to system failures and major problems for business operations.

Businesses typically have different expectations from their IT systems than even a decade ago, and therefore should adapt their approach to IT.  For many, this means closing down that old server room; the number of businesses hosting their network on-premises is projected to fall from 31 percent to 17 percent by 2018. Correspondingly, budget allocations for hosting services will rise by an average of 20 percent for 2017, according to 451 Research.



Finding HIPAA Hosting Solutions as a Small Business Owner

Operating within the healthcare industry can be challenging. There are many moving parts that must be accounted for, whether you’re a new startup firm or a large network of hospitals. When most small business owners are looking for hosting solutions, the only concerns are cost and the capability of the hardware to meet the needs of a website. The options are endless when it comes to finding simple hosting. When it comes to firms in the medical sector, there are special considerations to be had.

Your hosting options are significantly narrowed when looking for HIPAA-compliant hosting. Small business owners working in healthcare must seek out hosting companies that specialize in HIPAA compliance. Relatively speaking, few hosting companies can provide this service because of what it entails. Powerful hardware is just one part of the equation. There must also be a long list of security measures put in place to protect sensitive data. This strict set of regulations is the reason why you can’t trust your hosting with just anyone. It’s also why many hosting companies can’t offer this service and why trying to establish local infrastructure to handle these duties isn’t the best option. Part 2 of this document released by the SANS Institute delineates what is required at the local level to remain compliant with HIPAA regulations.  Maintaining HIPAA compliance at the hardware level is cost-prohibitive for most firms and a host is required.

Finding a hosting provider that can meet your organization’s needs can seem daunting, but there are a number of things to be aware of when seeking out a HIPAA-compliant hosting solution. Here are some general guidelines to keep in mind when looking for the right hosting solution for your business.



SSAE 16, SSAE 18, SOC 1, SOC 2: What they are and why you should care

By Derek Wiedenhoeft, July 11, 2017, under Cloud Hosting

Cloud computing has revolutionized the world of software licensing, but it has also opened the gates to new security risks. In the past, if a company wanted to add new software, it had to endure long installation processes on local servers. This gave companies the opportunity to verify the reliability of their systems, while local hosting gave them more control over their data. However, it was also immensely time-consuming and costly to set up and maintain.




DIY Security: Why It’s Usually a Bad Idea for Most Businesses

Do-it-yourself is a popular mantra among many people building websites, doing home renovations, or marketing artistic and cultural products. Unfortunately, however, it is not an appropriate approach for some things, like network security. Just like a home renovation DIY project gone horribly wrong, organizations taking on cybersecurity roles outside of their core competency could cause themselves ruinous, avoidable expense.

Some companies make the decision to be wholly responsible for their network security intentionally, perhaps due to cost considerations, or a lack of understanding about the frequency and harm of security incidents. For other companies, security was simply neglected, or a tiny startup in stealth mode grew too quickly for management to keep up with all demands.

According to Gartner research, the cost of network downtime for enterprises is $5,600 per minute, on average, which is close to $300,000 per hour.  Worse, Ponemon research found that the average total cost of a data breach in 2016 was $4 million.  Protecting against that kind of risk is a job for professionals.  Keeping a network secure can be easy.  You just have to have the right help.



