A ‘Cloud’ uses the internet to aggregate resources for storing, processing and transacting information. Each virtual server on any physical server may be owned by the same or different people or companies. That is, you may be sharing your physical server or servers with other people and companies in multiple locations. While this may afford flexibility, cost effectiveness, and in some cases robustness, the greater the number of server and information locations, the exponentially greater the risk to its security.

With a cloud service provider you or your company generally, but not always, rents or subscribes to a share of some combination of these resources as a service. That is, you generally don’t own or manage these resources: you share them with other people and companies over multiple locations, and they are to a greater or lesser extent managed for you.

These resources include:

  • infrastructure (e.g. datacentres, connectivity),

  • computers (e.g. servers),

  • software (e.g. servers, operating systems, applications, databases),

  • humans (e.g. people doing things for you remotely),

  • some combination of the above.

Once you have defined ‘Cloud’ in your context, and the services you will be using, some key issues in considering cloud service providers are:

  • What data are you storing in the cloud?

    • How much do you care about that data?

    • How much does someone else care?

  • Is your data encrypted?

    • Where are the encryption keys?

    • Do you care if the cloud provider’s staff can see your data?

  • Data sovereignty

    • Where is the data held?

    • Is that compliant with the data protection act or any other regulation your company may be subject to?

    • Are you comfortable that the government in the location where you are storing the data has your best interests at heart? They may lawfully have access to your data with or without your knowledge.

  • Contractual liability clauses

    • Can you check they have the security you need?

    • Will they cover any loss to your organisation if something goes wrong?

  • How would you operate through a breach of their systems?

  • Do you have an offline backup of your data in your control?

    • Where would you restore to, and how?

  • Are your organisational practices more secure than the cloud provider’s?

    • Including their private corporate network, which manages the back end of the services you are using.

See also Cloud Types
