Data security in the cloud remains a barrier for some companies wanting to adopt this technology for their applications or IT infrastructure.
According to a recent study by PAC (Pierre Audoin Consultants), security is the first obstacle to cloud adoption in France. A certain mistrust therefore exists. However, hosts and providers that own data centers take many steps to give businesses a level of security similar to what they can have on their own premises.
The company and its service provider: necessary support and transparency
When adopting a cloud architecture, it is important to clearly define the company's needs, because different security rules follow from them. That is why a host must know its client and provide real personalized support to help the client make the best choices. The definition of the project will lead the host and the client toward the public, private or hybrid cloud, depending on the performance needs but also on how critical and sensitive the data is.
Different security rules apply depending on the architecture chosen. For public and hybrid cloud infrastructures, hosts implement strict isolation between clients. Thus, a user on the same server cannot, by some roundabout means, access another user's virtual machine.
In the case of the private cloud, this problem does not arise because the server is dedicated, but different access rights to the physical servers are set up to guarantee the security of the data.
Full transparency between the company and its service provider is therefore essential. Several points need to be addressed to ensure that all security measures are put in place:
The location of data centers: some hosts have multiple data centers. The client company must therefore be able to know where its data is located geographically. Ideally, it should even be able to choose that location in order to decide which legislation will govern the data.
Audit and contract guarantees: the chosen provider must be able to demonstrate through various audits that all security rules are optimal and up to date. This allows the client company to confirm that the provider is reliable. In terms of contracts, a reversibility agreement must be included to ensure that customers can regain control of their data and infrastructure at any time.
Consistent data availability: data security is also about ensuring that data is available at all times and will not be lost, even if there are technical issues. A good service provider must provide the business with a Disaster Recovery Plan (PRA), which duplicates the data and cloud infrastructure so that they remain available even if the initial servers encounter a problem. This PRA can be set up with the same provider, if it has several data centers, or in collaboration with another host.
Securing data in motion
Data security therefore depends on the quality of the relationship and the administrative transparency with the provider, as well as on the purely technical quality of its offer.
Data is vulnerable when in motion. This is why trusted hosts heavily secure data flows. By using an encryption system, an array of firewalls and dedicated links between content creation points and the cloud, the host ensures the integrity of the data. Various protocols guarantee that data transferred to and from the cloud is not modified in transit. These transfers can also be monitored and archived as logs using a third-party monitoring tool. Several parameters can thus be verified, such as the exact moment the stream was transmitted, whether the data has been modified, and by whom.
Data governance is also an important aspect of securing data. Access policies must be stringent so that encryption keys are not in everyone's hands. In addition, hosts implement a protocol of access rights to physical servers, backed by numerous anti-intrusion measures, to assure their customers that only certain people will have access to the servers.
Data in the cloud is therefore subject to different rules that ensure its confidentiality, its integrity and its availability at any time. Personalized support and a relationship of trust with a host, coupled with quality offers, thus ensure the security of data in the cloud and remove the main obstacle preventing some organizations from adopting this IT architecture.