If you’re looking to move some, or all, of your IT infrastructure to the cloud, security will be high on your agenda.
Assess the risks
A risk assessment should be your first port of call. Using a risk assessment matrix you will be able to analyse areas such as cyber and physical security, business continuity processes and disaster recovery options.
Encryption and pre-encryption
Pre-encryption should be considered alongside encryption to reduce the risk to your data both in-transit and at rest. Cloud encryption will ensure that your data is encoded as it travels to and from cloud-based applications and storage, to authorised users – as well as being encrypted in the cloud. This is a very effective way of protecting sensitive data and can assist in meeting data sovereignty requirements.
Don’t neglect physical security
When people think of cloud, they tend to think of all things digital, but the physical security of the data centre that your cloud platform sits in is just as important. The data centre provider should boast access control protocols such as biometrics, mantraps, audio challenge cameras and ANPR, infrared tripwires and anti tailgating doors and gates. Ask questions about visitor policies – what background checks are carried out on staff, for example.
Any data centre worth its salt will be proud to offer you a tour so that you can see the facilities first hand, so take them up on this and know what to look for.
It’s important when utilising cloud technology that you remain up-to-date with regulatory changes and work with your cloud provider to ensure that compliance is met. As long as there is digital data, there will be threats against it – regardless of whether it sits in the cloud or on-prem – but by working with the right cloud provider for your particular business needs, you can minimise these risks significantly.