This year, cloud computing is gaining ground within companies. CIOs are now convinced that when properly implemented, cloud computing can radically improve business flexibility and productivity while reducing infrastructure costs.
Large and small businesses are expected to move significant portions of their operations to the cloud within the next two years. Yet while every organization wants a piece of the cloud, not all will get the results they want. Here are the top five mistakes to avoid:
1. Not choosing the right cloud model
Companies migrating to the cloud can choose from public clouds, private clouds, community clouds or hybrid clouds.
- The public cloud: It belongs to a cloud provider and is accessible to a wide public. The principle is to pay per use and the platform is shared with other users.
Why not enjoy unlimited reading of UP'? Subscribe from €1.90 per week.
- The private cloud: It is owned and deployed by an organization for its own use as it is the sole and unique owner.
- Community Cloud: This is shared cooperatively by several organisations, often from the same industry.
- Hybrid Cloud: It mixes the cloud deployment models listed above, allowing applications and data to move easily from one cloud to another.
Each type of cloud deployment has its advantages. Factors to consider prior to adoption include: the level of criticality of the applications the enterprise wants to move to the cloud; regulatory and compliance issues; the service levels (SLAs) needed; how applications will be used based on workloads; and how applications need to be integrated with other business functions.
2. Not integrating cloud security into your enterprise security policy
Your cloud and enterprise security policies need to be integrated. Instead of creating a new security policy for the cloud, rather strengthen your existing security policies by considering this additional platform. To change your cloud policies, you need to consider where data is stored, how it is protected, who has access to it, regulatory compliance, and SLAs.
When done correctly, cloud adoption can be an opportunity to improve your security policies and your overall security posture.
3. Relying on the security of your cloud service provider
Do not assume that your data is automatically secure because you use a service provider. You need to do a complete review of the provider's security technology and processes, and check how they secure your data and their infrastructure. Specifically, you should examine :
- Data and application portability: Does your provider allow you to export existing applications, data and processes to the cloud? Can you import them again as easily?
To fight against disinformation and to favour analyses that decipher the news, join the circle of UP' subscribers.
- Physical security of data centers: How do service providers protect their physical data centers? Are they using SAS 70 Type II-certified data centers? How are their data center operators trained and qualified?
- Access and operations security: How does your supplier control access to physical machines? Who is able to access these machines, and how are they managed?
- Virtual datacenter security: Cloud architecture is the key to efficiency. Know how individual parts such as processing nodes, network nodes, and storage nodes are architected, and how they are integrated and secured.
- Data and application security : To enforce your policies, the cloud solution must allow you to define groups and roles with role-based access control, password rules and appropriate data encryption (in transit and at rest).
4. Assume that you are no longer responsible for the security of data
Never assume that outsourcing your applications or systems means that you are no longer responsible for data breaches. Some SMBs have this misconception, but be aware that your company is always ultimately responsible to its customers and other stakeholders when it comes to data tampering. In other words, it's your CEO who risks going to jail, not the cloud provider.
5. Not knowing which local laws apply
Data that is secure in one country may not be secure in another. However, in many cases, users of cloud services do not know where their information is stored.
Currently in the process of harmonizing the data laws of its member states, the European Union is promoting very strict privacy protection, while US laws, such as the US Patriot Act, allow the government and other agencies to have almost unlimited access to information belonging to companies.
Always know where your data is. If necessary, store your data in multiple locations. It is advisable to choose a jurisdiction that allows you to access your data even if your contract with your cloud provider ends unexpectedly. The service provider should also give you the option to choose where your data will be stored.
In conclusion, risk reduction approaches are key to cloud adoption and it is important that companies take responsibility for planning and ensuring compliance from the outset so that the returns on cloud investments are maximised.