I forgot to mention here that about two weeks ago, my coauthor and I submitted the final manuscript on Cloud Security. The book is entitled: “Protecting Information Assets and IT Infrastructure in the Cloud”. It is broken down into five chapters which are as follows:
The Fundamentals of Cloud Computing;
The Amazon Web Services (AWS);
Threats and Risks to the Cloud; and Risk Mitigation Strategies;
How to use the Cloud for Backup and Recovery;
Want more detail?? Well you’ll just have to buy the book when it comes out in print, hopefully by next spring. LOL.
The book is roughly 250 pages long, and it goes into a lot of detail of course about the Cloud, and it is designed primarily for the C-Suite, IT Managers, and Project Managers who want to learn more as to how they can deploy their stuff and projects into the Cloud.
Tons of corporations and businesses and individuals alike are now either using the Cloud or migrating completely to the Cloud for all of their computing needs. The reason for this is simple: It offers many advantages over having to store everything on site, also known as “On Premises”.
For instance, with just one or two clicks of your mouse, you can sign up for services at a fraction of the cost it would be at retail.
Cloud based pricing is affordable, and best of all, it is fixed, so there are no surprises. Also, all of your resources in the Cloud are very scalable, meaning you can adjust the level of service either up or down based upon your personal or business needs. Because of this huge flocking to the Cloud, many Cloud Providers have for a long time been a favored target for the Cyber attacker.
The trend was to get all of the passwords that they could get, but now it is all about the theft of Intellectual Property and customer data which can be sold on the Dark Web. So now the question comes: Given this, how much should we really be storing on the Cloud?
To some degree or another, when we sign up with a Cloud Provider, it is their responsibility to provide the needed levels of Security that are required to protect the servers and the databases that we rent from them in order to store our information and data.
But what is often forgotten is that we, the customer, are also responsible for making sure that level of Security is more than adequate to satisfy our requirements.
The best example is Encryption. This is a de facto standard now that is being offered by just about every Cloud Provider these days. When you sign up for an account with them, they offer this service, but then it is up to you to actually activate it, and configure it properly. So, if a data breach does occur to your server, the first reaction is to blame the Cloud Provider.
But when a Forensics investigation is conducted, the blame for this will more than likely fall on you because you did not activate the proper levels of Security when it was offered to you. Remember, at least here in the United States, if you entrust a third-party vendor (such as that of a Cloud Provider), they will not be to blame in the end; it will be you.
In a court of law, it will be determined that the Security services were offered to you, but you neglected to activate them, or to ask for help if you didn’t know how to do it. Also, when you do not activate these services, your mission critical information and data is considered to be at “rest”, meaning it is not actively being accessed using the provided Security based protocols. Thus, it remains wide open to the Cyber attacker.
Also, when it comes to activating the Encryption services that are offered by the Cloud Provider, they often store what is known as the “Private Keys”. This is what is used to decrypt your information and data that is stored with them, so that you can access it in a decipherable state.
But yet nobody realizes when this happens, because everything is done at the back end, and it happens so quickly. You also need to make sure that you store a set of Private Keys as well at your business or corporation, just as a secondary backup in case something goes haywire at the Cloud Provider.
So, in the end, what should you store and not store with your Cloud Provider? There are many arguments about this. Some Cyber security specialists will say that it is fine to store everything onto the Cloud, and some will say everything should be done On Premises so that you maintain control over everything. But keep in mind that if you choose the latter approach, you will be responsible for everything, which can get very expensive in the end (such as hiring the staff to maintain everything, software licensing fees, hardware upgrades, etc.).
To me, the answer lies in the middle. I think it is perfectly fine to pretty much migrate all of your IT Infrastructure to the Cloud. Along with the advantages that come with it, keep in mind that the Cloud Provider will do all they can to provide you with the latest, cutting edge Security solutions.
After all, in the end, their reputation is on the line as well, and if any Security breach were to occur to them, they would lose customers in literally a heartbeat.
But in the end, once again, it is your responsibility to make sure that these Security services are activated, and configured to your needs. The Cloud Provider will always be happy to provide assistance to you, but in this instance, it would be best to hire out a Cyber security firm to help you with this.
After all, it is totally out of the realm of the Cloud Provider to ascertain what your exact needs are; this is where the role of the Cyber security specialists will come into play.
But whatever you do end up storing with your Cloud Provider, make sure that you keep physical backups for the sake of redundancy at an off-site location, so that you can restore your business operations in just a matter of a few hours, just in the off chance that your Cloud Provider was impacted by the same kind of Cyber attack that you were hit with as well.
Maintaining this redundancy is critical for everybody who uses the Cloud, for both individuals and organizations alike. Take me for an example. When we were writing the Cloud Security book, I stored all of the files in the Cloud. But I also made a secondary copy of them onto three different USB drives as well, just in case something did happen to my Cloud Provider.
Remember, in the end, it is always about proper and open communications. If you have any doubts, always ask your Cloud Provider, and your Cyber security specialist (if you have hired one – they are not cheap, but it is far better to spend a little bit now than a lot more down the road if you are hit with a Cyber-attack).
Keep using and enjoying all of the advantages and the benefits that the Cloud has to offer!!!
Finally, to view a report on Cloud Risk Management studies, click on the link below: