This article is a continuation of our series discussing cloud service myths.
MYTH #4 — SECURITY & PRIVACY
High-profile cloud security breaches of personal credit information, credit card data, and user login credentials are still fresh in the minds of the public. These events may have impacted you personally, but the response to these incidents is driving change and investment. Recently, governments around the world have introduced or enacted legislation requiring greater oversight and protection from service providers, and security protocols to provide users with more control over their sensitive information. Mcrosoft, Amazon, and Google have continued in 2018 to invest billions more in securing their cloud data centres, but most businesses are unaware of their own responsibilities and best practices for protecting their cloud workloads. What most people don’t understand is that their users are the biggest security threat to their organizations. The best way to protect sensitive data from bad actors is to limit access to applications and SaaS (Software-as-a-Service) services containing sensitive PHIPA information, financial data, personal credit information, user login credentials, and other confidential information to private line direct connectivity services. Private line connectivity can eliminate user vulnerability to phishing or man-in-the-middle attacks. SaaS products containing this sensitive data such as Workday, Peoplesoft, and Salesforce can be secured by limiting platform access to private line direct connections and forcing users outside of the office to access those services over an encrypted VPN connection to your primary network.
“The best way to protect sensitive data from bad actors is to limit access to applications and SaaS sites containing sensitive PHIPA information, financial data, personal credit information, user login credentials, and other confidential information to private line direct connectivity services.”
Best practices for minimizing security and privacy risks:
- Understand the shared responsibility model of your cloud provider.
- Implement multi-factor authentication***, identity management, and network layer security at every level of your deployment.
- Limit user access to applications, data, and services to least privilege, and educate your users to build the “human firewall” with products from Cofense or KnowBe4.
- Security harden VPC/VDC virtual networks, implement unified network architecture across your office and cloud virtual network, and centrally route all of your internet bound (0.0.0.0) network traffic (cloud and on-premise) through on-premise or data centre hosted security appliances with advanced NGFW DPI, SPI, and reporting features.
- Migrate cloud service connectivity to private line direct connectivity services and remove direct to cloud VPN access to VPC/VDC deployments from users.
- Limit access to SaaS and PaaS (Platform-as-a-Service) services with sensitive, financial, and/or personal health data to private connectivity from your office and branch locations exclusively.
CONCLUSIONS
Finding a trusted advisor who will be forthright and willing to work against their own self-interest on behalf of their customers is a challenge. Some business owners might say impossible. As we have discussed, the FUD holding your business back is either unfounded or exaggerated. The best way for your business to thrive is by embracing cloud services, a multi-cloud strategy, and becoming as capital efficient as possible. Find a provider who isn’t a box pusher, and isn’t afraid to enable digital transformation projects that free capital, provide better performance, security, and resiliency.
The best advisors know that their value to their customer can evolve and change with technology. During my time providing vCIO services to financial service and tech companies in Toronto, I took great pride in solving people’s problems first and worrying about my quota or commission second. I still hold myself to that principle in my new role at Beanfield and work hard to help companies unburden their organizations of server rooms and colocation facilities. vCIOs live and die by their professional track records and reputations, and people remember the moments when they demonstrate that they sit on the same side of the table as their clients. MSPs have a challenge ahead to prove that their business can evolve and support their customers as managed service revenue evaporates. The great MSPs will be great CSIPs (Cloud Service Integration Providers) and continue to deliver valuable services to your business.
The retail data centre is dead, the server room is dead. Long live the cloud!
You can read the entire series as a single article on Medium here.
About the Author:
Daniel Simmons is the Director of Cloud Strategy at Beanfield Metroconnect, a cloud product manager, cloud evangelist, and a solution architect for cloud and data centre services. He lives in Toronto with his partner and dog.