The NVTC’s Opinion on Cloud Security
Recently, Securis attended a Cybersecurity and Privacy Panel Event, hosted by NVTC. The panel tackled one of the most pressing issues of the technology world: cloud security. The panel discussed a wide variety of hot topics including infrastructure security, data breach precautions, and threats in the current cloud environment. Here are some key points to consider in order to further understand the benefits of the Cloud, risks you should be aware of, and some quick solutions to employ to avoid these risks:
- Cloud Customization– Joe Cudby from Carpathia Hosting Inc. boasted that the cloud environment is essentially considered more secure because of its customization capacity. Many people are unaware of the security benefits surrounding the cloud computing environment. If you’d like to learn more about cloud security, check out this article: Is the Cloud More Secure Than a Physical Environment? One thing to note about the data security environment in the cloud is that each infrastructure can be built to meet specific compliance requirements. Cudby does not recommend utilizing mass-market cloud spaces if security is a major priority. At the same time, he advised that the architecture be kept relatively simple. Simple architectures are typically more secure because there is less to manage.
- Community Cloud Security– A community cloud allows several companies to share a data center infrastructure with other companies that have shared data security concerns . Cudby mentioned that one potential threat to security of the community cloud is that hacking of one user can take every user offline. One way to avoid attacks is to look into the other users’ vulnerability on your company’s infrastructure. To learn more about community clouds and the security implications, click here.
- Data Center Chain of Custody– It was noted throughout the conference that companies should keep in mind that the data center never has custody of the data, but merely provides the tools and space to assist in meeting requested security standards. If you would like to learn more about this topic, check out this article on coldstordata.com
- Trade-offs– There will always be some type of trade-off between cost and security. Base the trade-off balance on your company’s risk profile for data.
- Breach Response– The moderator asked the panelists if, in their experience, they ever had to publicly announce that a breach had occurred. Danny McPherson from Verisign admitted that the company was forced to notify its customers of a data breach when a laptop went missing recently. Andy Koepke of Hamilton Insurance informed the panelists that Cyber Liability Insurance gives companies peace of mind when it comes to dealing with the costs of data breaches, customer notification, and recovering from data loss. Many are unaware that general liability insurance does not cover the risks of doing business on the internet and online data exposure. Cyber liability insurance covers wrongful acts or illegal activity as well as data privacy wrongful acts.
Cloud computing growth means that companies are consuming more and more data everyday. The concentration of data on hard drives managed by an external organization can also be a threat. Additional security precautions should be in place in order to combat the potential of an incident much like Verisign’s stolen laptop. To learn about resources that may help you prevent a data breach, read our article about the Online Trust Alliance’s guide to Data Breach and Loss Incident Readiness. Consider the risks of improper disposal of failed hard drives. Keep in mind that your company’s cloud environment has both physical and technological risks.