Worldwide, the cloud services market is expected to soar. Alongside this, businesses are slowly getting used to the idea of hybrid cloud adoption, although Gartner estimates it is around five years from going mainstream.
“Still, Gartner predicts the demand for hybrid cloud is growing at a compound rate of 25% per annum, faster than the general IT market growth,” says Lutz Blaeser, MD of Intact Software Distribution.
He says this is why businesses planning to embark on a hybrid cloud journey need to ensure they have the right security solutions and protocols in place to ensure the safety of their customers’ data.
“Firstly, analyse the type of data your business is handling, and decide how sensitive it is, not only for the company, but for clients too. Highly confidential personal and private data, be it medical records, financial credentials, or proprietary IP should be stored on premise, and have strict access controls enforcing the principle of least privilege.”
This cloud must also be totally isolated from public internet access to prevent criminals from remotely accessing the data via any security flaws. “In addition, don’t forget about data residency, and be aware of legal jurisdiction and geographical location that may affect the way data needs to be stored and handled to remain compliant.”
He says this is why when selecting a cloud provider, it is critical to choose a provider whose data centres physically reside in a country or area and whose data handling regulations are in line not only with your organisation’s business interests, but the country legislation it needs to be in compliance with.
“Any data centre, irrespective of the type of data it stores, falls under the data privacy and protection laws of the country that it’s built in. Due to this, it’s crucial that any business planning to use a provider that has datacentres outside the country’s borders must be aware of, and able to abide by, the data protection legislation governing that region.”
Failure to do this could see your business facing serious legal, reputational and financial repercussions should data be lost, stolen or exposed, Blaeser says.
“The next step is performing a due diligence of the potential service provider and specifying damages,” he adds. “This is important, as the provider’s ability to meet your needs, as well as recover in the event of an accident or catastrophe, need to be assessed. This will ensure business continuity for your company, and will help set out any crisis management procedures.”
Also consider your data while in transit, and ensure that while data moves between your business and the cloud provider, it is encrypted to prevent any man-in-the-middle attacks that could potentially intercept your data, he says. “Over and above that, it’s a good idea to encrypt all data stored in the cloud to prevent its access by malicious actors in the event of a security incident.”
According to Blaeser, the final step is creating, defining and implementing solid, effective and fast security response procedures. “Businesses need to define a set of guidelines and procedures to follow in the event of a breach or incident, which must be adhered to by all parties. These procedures need to cover ways and methods for identifying, isolating and mitigating security breaches.”
In addition, in the unfortunate event a security incident does occur, it is vital to analyse the impact it had on both the organisation and its infrastructure, and update the procedures to include any new security solutions that will help prevent a similar incident from happening in the future, he concludes.
