Advertisement
Columns

How secure is cloud computing?

Advertisement

You will know from previous columns that I have been championing cloud services for quite some time. This growing range of services offer small and large businesses an efficient and cost effective way of managing their IT services and infrastructure in the local and global market and is predicted to be worth $5.9 billion by the end of 2016. Research has shown that 88 percent of enterprises in developed countries use the public cloud in one way or the other.

The use of cloud services amongst personal users has also exploded with Microsoft gaining 39 percent market share with its Office 365 product range. Cloud services – sometimes called hosted services – offers clients the opportunity to outsource their IT software (Saas), infrastructure (IAAS) or platforms (Paas).

This means that the clients will not need to instal and maintain a costly IT center on their premises. So, for example, your financial software can be run in the cloud and be accessed by any device (including smartphones and tablets) from anywhere in the world where you have internet access.

Advertisement

You are not tied down to attending your office to access your systems, or restricted to a single device. The most common usage of cloud services worldwide is for email services. IT professionals should by now have tested and assessed this technology with a view towards briefing their management teams.

The benefits appear too good to be true. In Malawi currently, a number of ISP and communications companies are offering a range of services – mainly based around infrastructure outsourcing. But careful assessment needs to be given to a number of areas – most notably security. Questions need to be asked of your current, or proposed service provider, to ensure that you make the right choice.

Does your provider have formal written information security policies? This is essential, if they are to be trusted with your sensitive company, client or staff data. These policies need to be re-visited by them regularly to ensure full protection of your data in the face of changing technology. What procedures are in place to restrict physical access to their date processing equipment and network equipment?

Advertisement

One of the great benefits of centralized data services is the high level of disaster recovery services that can be achieved. You do need to check a few basic issues. What power backup services do they offer on your data access in the event of public power downtime? How long does this last? What redundancy do they offer on their VPN and internet links?

Once you have assured yourself of these you will need to find out what their disaster recovery plan is for you as their client, as well as their facilities in total. Well defined plans will minimize the length and impact of loss of service due to disaster.

Have they tested their disaster recovery plan, when and how often? It would be useful to look at their recent external audit report and their IT strategy document. Scrutinize is their data segregation policy. In other words – how do they keep your data safe and secure from data belonging to other clients? How do they remove or destroy redundant data – that may belong to you – from their devices?

How about encryption of data and backups? What controls they have to detect attacks and breaches? What is their reporting policy if your data has been breached? Are you given access to logs and traffic details on your data so that you can assess misuse?

Approach prospective vendors with tremendous care to ensure that you are handing over your data and processes securely. Ensure that your contractual documentation reflect satisfactory procedures and answers to all the points above as a start.

Facebook Notice for EU! You need to login to view and post FB Comments!
Advertisement
Show More
Advertisement

Related Articles

Back to top button
Close

Adblock Detected

Please consider supporting us by disabling your ad blocker