It’s critical to secure your company data and systems to protect them from ever-present cyber-thieves. As more data continues to move to the cloud, cloud services become attractive targets and attacks on them will increase. Here are four security best practices for cloud hosting to help ensure your important information is protected, including how to augment your data center service provider’s security and how to evaluate their security controls.
1. Realize your IT department still plays a critical role in securing data.
It’s easy to assume that since you’re using a data center provider, they’ll also cover all your security needs. While any good provider should have airtight security procedures such as controlling physical access to the data center and network security like firewalls and intrusion detection, your IT department still plays an important role in securing your data.
Your IT team will need to manage and secure your cloud services using proper management of passwords, backup policies, access control strategies, and monitoring. For example, your provider should be encrypting their data center’s network, but you’ll need to use your own security tools to encrypt sensitive information before it goes to the cloud. And you’ll need to set up and manage anti-virus software to check incoming emails for malware or other potential threats. When it comes to security, it may be helpful to remember that cloud-based applications hosted at a data center should be secured in the same manner as applications on internal servers.
2. Put your low-risk, non-core functions in the cloud first.
When you’re just starting with the cloud, it’s a good idea to migrate non-essential functions first. This strategy minimizes risk and gives you time to optimize processes before moving more mission-critical applications, processes, or business areas to the cloud.
Some companies choose to move productivity and collaboration tools, like email and software test and dev environments, to the cloud first. After they gain success in those areas, they stage the rollout of additional, more critical functions.
3. Evaluate potential cloud providers and their SLAs carefully.
Not all data centers are created equal and neither are their Service Level Agreements (SLAs). The SLA contract spells out exactly what levels of security and service you can expect from your provider.
It’s important to examine the agreement carefully and look for holes. Ask questions such as:
If you don’t like the answers you’re getting from a provider, move on until you find one who satisfies your requirements. Security is too important to be left to chance.
4. Understand a potential provider’s standard audits and certifications.
Check the audits and certifications of the data center, such as SSAE 16 Type II, HIPAA, or ISO 27011, to determine if there are any potential security gaps that might compromise your systems or data. Do they meet compliance regulations that are relevant to your company like Sarbanes-Oxley (SOX), HIPAA, PCI, or Gramm-Leach-Bliley (GLB)?
Be sure you’re satisfied the provider has taken every necessary step to meet stringent security and regulatory standards. It’s not enough to look at a bulleted list of a data center’s standards and certificates – examine the audit documentation they provide. Are there any potential gaps that could compromise your data?
If your company requires tight controls due to your industry or government regulations, will the data center work with you to satisfy them? It’s important to ask, because with changing governmental regulations, your industry may be subjected to compliance requirements down the road that you can’t anticipate now. It’s important to know if a provider is willing to grow with you.
Implementing these best practices will go a long way in protecting your organization’s important data and systems.