“One size fits all” does not apply to the cloud

Cloud and cloud security are buzzwords that probably have had the longest lifespan ever. Lots of companies are talking about it, thinking of going for it and wondering about its data security. Still, not that many companies have actually taken the step of adopting it.

Enterprises and SMEs have a similar interest in the cloud. They ask the same question: “How do I increase my agility, flexibility and availability while decreasing my costs?” But they get a different answer depending on the size of the company and its core business.

Before considering your journey to the cloud, list your priorities in terms of security, scalability, your ability to manage your IT and the budget. These are some of the questions that you should ask yourself:

Data security

The argument most often for used not moving to a hybrid or public cloud raises doubts about its security. How safe are my data when they are stored in the cloud? Can people access or copy data without our organisation knowing? These are important questions for cloud security, but what about your own data centre? Is everything there safe? And how would you rate the sensitivity of the data you’re currently managing yourself? Not all data are equally confidential. Make sure your most sensitive data are well protected, focus on your DNA and treat less relevant information like any other commodity.

Physical access

Most major companies have state-of-the-art data centres but SMEs often have basic facilities where physical access is not fully controlled because of limited space or resources. This means shared offices or the typical small room in the basement dedicated to hosting the IT equipment, but sometimes there is no badging or surveillance system to protect and monitor the equipment. Compare this to the strict policies for physical access enforced by cloud providers, whose servers are often better protected than bank vaults.

Remote access

With most cloud providers, you can choose the location of your data (Belgium, the Netherlands, Ireland, and so on) and your data will protected by local laws. However, Microsoft, Amazon, Google and others have very strict KPIs in terms of availability, so they often reserve the right (in very small print) to back up, store and restore your data anywhere in the world. Which includes the USA, where the Patriot Act allows the NSA to request access to whatever data they want. If even telecom companies like Proximus have been compromised – officially and unofficially – by national security agencies, what are your chances? The most important question is: are you safer in your own data centre? Maybe not. Plus, are you really at risk if the NSA, their Russian and Chinese counterparts or anyone else gets hold of your data? And can your security investments match those of Microsoft, Google and Amazon?

Local data

Finally, don’t underestimate the potential danger of data on laptops and smartphones. You can protect your data centre as much as you like, but as long as you allow employees to access email and other data from their unprotected devices, your system is vulnerable to a data breach. Data Loss Prevention (DLP) should be considered from every angle and not just from a single site such as your data centre (it’s no good guarding the front door if all the windows are still open). We’ll go into more detail about this topic in a future blog post.