Connect with us


Security in the private cloud – what every business needs to know


By Brent Thurrell, BeyondTrust

The onward march of cloud computing seems unstoppable and its benefits – cost savings, scalability, business continuity – are hard to dispute. However, like any area of information technology, it is important to understand the security implications of moving any part of business into the cloud. The impact of a security breach can be far-reaching, which is why senior managers need to familiarize themselves with what is at stake.Brent-Thurrell

After all, we are talking about trusting sensitive corporate data – including customer data, intellectual property and other content, such as information on new products – to a third party.

It’s clear that organizations that outsource to a cloud vendor often make their choices based on price instead of security. Despite the undoubted advantages, making use of a cloud provider unfortunately opens the door to some risks.

This is why, despite many C-level non IT executives being keen to cloud environments, security executives tend to walk with much more trepidation. According to a recent research report by IDC, 74 percent of IT executives and CIOs have cited security as the top challenge preventing their adoption of the cloud services model.

The reality is that wherever data is hosted, vulnerabilities and exploits do not discriminate. The same holes that exist for cyber thieves lie within cloud providers as they do for data storage on-premise.

Who is responsible for security – the cloud provider or the business user?
So is having a private cloud safer than the public cloud? The reality is that private cloud does not mean attackers will not try to enter. Indeed, the more sensitive and potentially valuable a company’s assets, the more likely an organisation will encounter a cyber security storm.

This begs the question: when a company is utilizing a cloud provider, who is actually responsible if a breach occurs or what security measures are put in place? The apparent ambiguity as to who is responsible for securing the assets which makes up the private clouds creates the exact type of security gaps on which attackers can prey. It may come as some surprise that end user licence agreements for most cloud providers state that they are not responsible for security.

Cloud providers are responsible for providing servers with a certain operating system and a certain flavour, but buyers beware: in practice, this means they might not even know when a breach has occurred. In a 2011 Ponemon study, 42 percent of respondents of cloud service providers indicate they would not know if their organizations cloud apps or data was compromised by a security breach or data exploit.

The truth is that assets, in the cloud or on premise, are part of the business; so UK organizations need to treat them as such. Take the necessary steps to secure those servers, which organizations have every right to do, just as if the data was sitting down the hall in a server room. Even though businesses are renting cloud capacity from these providers, they still have full access to assess and should approach them as part of their regular security practice. As cloud customers, businesses can still configure virtual servers and apply custom measures that comply with existing security strategies.

Tips to securing company data stored in a private cloud

So what can be done to ensure that the business’s cloud environment is secure? Here is some ‘best practice’ advice:
• Include assets held in the cloud into your normal security and privilege access management strategy.
• Regularly assess the state of vulnerability by leveraging zero day vulnerability management solutions.
• Implement regular detection scans for critical risk access points, or potential breaches. Don’t wait for the cloud provider to inform you – it may not do so.
• when employing a cloud service, review terms and conditions clearly, understanding the end user license agreements.

There are a wide variety of tools available that enable organizations to take the above steps easily and quickly, without major disruption to their existing IT infrastructures. The bottom line is that leaving private cloud security out of an organization’s integrated strategy creates a major security gap, but if the right steps are taken, then businesses can leverage the advantages of cloud computing, safely and securely.



Editorial & Advertiser disclosure
Our website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.
Global Banking and Finance Review Awards Nominations 2021
2021 Awards now open. Click Here to Nominate


Newsletters with Secrets & Analysis. Subscribe Now