Content typesWebinar White paper Blog and article Conference Podcast Case study Video Cybersecurity 20/20 Workshop Security Conference Cybersecurity 20/20 conference Security IT Study 4.0 transformation Series Big Data Series Cloud Series IT transformation series 2018 IT Study Series Security Series Product brief IT Break
Cloud computing: Security isn’t only a technology issue
According to IT Trend Perceptions in Canadian Large and Medium-Sized Businesses, a study conducted by NOVIPRO and Léger, 42% of Quebec companies don’t think that cloud computing is secure enough.
It may be a terminology issue. The word “cloud” evokes lightness, volatility and, by extension, unreliability. And yet, nothing could be further from the truth.
“A data center is a lot more like a farm with thousands of servers stored in ideal, tightly controlled conditions to make sure data is kept safe,” says Kévin Dhuicque, who is a cloud solutions specialist at E-SPACE, a subsidiary of NOVIPRO.
In other words, when you send data to the cloud, you’re entrusting its storage to a company that specializes in just that!
Cloud and security
“People often feel reassured when they can see the servers,” explains Boubekri. “Not knowing where their data is physically stored is disconcerting for some people.”
When this is the case, people may feel better after visiting a datacentre. They would get to see the physical devices that keep data safe (fingerprint scanners, cameras, sprinklers), software (firewalls, antivirus) and infrastructure designed to keep conditions optimal (temperature control systems).
In some cases, there are back-up systems in place to transfer data from one server to another—or even from one data centre to another—if a problem or disaster occurs.
This especially applies to private clouds, which are more security-oriented. Security mechanisms are rarely mentioned specifically for public clouds.
“From a financial standpoint, it’s very hard for small and medium businesses to afford this level of precautions to protect their data,” said Dhuicque. “Each company should focus on its own sector!” False.
Selecting the right provider
If the cloud is really that safe, why do security breaches make the headlines so often?
In essence, the quality of cloud providers varies a lot. It’s important to make sure that your supplier’s infrastructure and reliability are on par with your security needs. Transparency and traceability are the foundation of all cloud computing partnerships.
Lastly, it’s wise to ask about the legal framework governing your provider’s operations. The same rules don’t apply everywhere!
Remember all the hoopla about the USA Patriot Act and the liberties the American government took to access data that was either stored in the US or had passed through it? Fun fact: Canada is widely recognized for its tight rules on data confidentiality. Canadian cloud solutions suppliers are obligated to back their expertise with robust security solutions that guarantee the availability, integrity and privacy of all data they are entrusted with. It’s the law.
Selecting a technology partner that meets these security requirements is without a doubt the most important decision a company has to make if it wants to reap the benefits of the cloud and keep risks to a minimum. Then comes responsible technology use.
Behavior before technology
“There’s nothing more important than a security policy, since the biggest threat comes from inside the company,” says Dhuicque.
Even if you keep your data stored in a nearly impenetrable fortress, all it takes is one employee working on a confidential document in a public place—possibly using the free Wi-Fi at a coffee shop—for a security breach to happen. Other risk factors include vulnerable passwords, malicious websites, phishing emails and using your work telephone for personal purposes.
Some companies go as far as blocking sites like Facebook, while others prefer to raise user awareness about how to use the cloud securely. It’s important to get the message out to all system users, including employees, suppliers and customers.
As Dhuicque points out, “When it comes to cybersecurity, communicating your internal policy offers better results than the latest technology.”