January 26, 2017
It seems like everyone is migrating these days. Not only are more and more people leaving their countries to explore greener pastures, but many companies are moving their data and services to the cloud. This is where the future is heading. Cloud storage has been growing rapidly and a MarketsandMarkets report expects the total revenues of the cloud industry to be $9 billion by 2019. That’s a growth rate of almost 16% each year.
Whether you are looking to move your entire infrastructure or want to start using cloud services (aka SaaS), here are several reasons to consider the move:
Operating your own systems and infrastructure is expensive. Not only do you need to own the hardware and maintain it, but you also need to pay staff to keep it running. You must have capital on hand for large equipment purchases at sporadic times, as well as staff on-call in case of downtime.
With cloud services, you can use what you need, as you need it. It makes expenses much more predictable and reduces the total cost of ownership (TCO). Your company won’t face any more huge bills that strain your cash flow when there is an equipment failure. An added bonus is that using cloud services is more efficient and environmentally friendly.
Cloud providers such as AWS offer a “shared responsibility” model. Under this model, the provider guarantees the underlying physical security of its platform. It also provides tools that can be used to control access to cloud resources, if they are implemented correctly. This arrangement shares the security responsibility between you and the cloud provider.
As users become more educated, vendors are expected to be compliant with established security standards (such as SOC2/SSAE16, PCI, and HITRUST). These standards give users greater confidence that data is being handled properly in the cloud.
Continued innovations in the cloud space are helping to ease the headaches of deployment and integration with platforms such as CodeDeploy, CircleCI, and SolanoLabs. Cloud services make it simpler to create development environments that more closely match production environments.
Because you’re not worrying about hardware provisioning, you can get off the ground without any major technical difficulties. You also don’t have to plan your infrastructure to accommodate future growth; instead, you can just scale up your services when the need arises. This gives you the freedom to expand without having to commit additional resources.
The freedom that comes with using a cloud provider allows you to experiment with new services. Because you don’t need additional hardware, it means that you can try out new things with ease. If they don’t work out, you aren’t stuck paying for a bunch of hardware that you don’t need.
If your on-site hardware fails, your business will face downtime until it is fixed or replaced. Cloud services allow you to develop a backup strategy where you can quickly roll over your entire global infrastructure, or migrate to a different provider altogether. Downtime is very expensive. Your fixed costs stay the same and you’ll be paying many of your employees to be idle as they wait for your systems to recover. Minimizing downtime minimizes costs.
Products in the cloud are automatically updated. You are always on the latest version, so there is no confusion or waiting around. Vendors are more incentivized to provide excellent products that keep working, because the fees are paid over time instead of all upfront. With on-premise software, you are locked in, even if it performs poorly.
Compatibility is important with the cloud. Because of its distributed nature, cloud solutions typically use industry standards for data interchange. Unlike on-premise solutions which try to solve many problems, cloud can solve much more specific problems. This allows you to pick and choose the solutions you need, rather than getting locked into a single monolithic platform. And if a better option comes along in the future, it is much more likely that you can switch services with minimal effort.
While going to the cloud can be a great move for many companies, it also brings in some new risks. Having all of your data and processes in the cloud means that your once-siloed infrastructure is now spread across the globe and shared with more prying eyes than you ever thought possible. To top it off, your employees are more likely to interact with all this data on the go, all over the world, on a variety of different devices (many of which may be insecure). You can’t have the added convenience and accessibility without the possibility of vulnerabilities. Some tips to protect your business:
Your sensitive data needs to be encrypted both in transit and at rest to be kept secure. A recent Ponemon Institute study revealed some shocking data, indicating that many companies have poor encryption practices:
Your company needs to enforce strict password policies. These should involve complex passwords that need to be changed regularly. Wherever possible, use multifactor authentication and give people only the access that they need.
Before you sign up to a new cloud service provider, there are several things that you need to find out about them:
Subscribing to a cloud service can be a great move for your business, but it also introduces some new factors that are beyond your control.
The threat landscape is constantly changing, so it is important to stay current on the latest events. See our article on the best security blogs for excellent sources on how to stay up to date. Global security news is important, but you also need to keep up on the latest developments with your cloud provider. If they have any security incidents, you need to know about them so that you can make an educated decision on whether they are the right service provider for you.
Software-as-a-service (SaaS) has revolutionized the way that business software is distributed and used. As a SaaS provider, you are expected to provide software that is always available, reliable, secure, and compatible with as many devices as possible. The following practices are considered good security hygiene:
Cloud-based systems are inherently more complex than their traditional counterparts. Because of this, there are more opportunities for things to go wrong. That’s why it is important to plan for failure. It’s going to happen eventually, so it’s best to have systems in place that will alleviate any potential problems. Analyze the greatest threats that your systems face, as well as their individual risks, and have systems in place for when each of these comes to fruition. This will minimize any damage or disruption. If your service is designed to be resilient, it can prevent minor hiccups from becoming catastrophes.
When security is so pertinent, it is important that your code is up to scratch. Leaving behind any mistakes or vulnerabilities could eventually lead to a data breach or other attacks. Is input being properly sanitized? Are you allowing arbitrary code to be executed (hello WordPress)? Having additional sets of eyes can help to catch these types of vulnerabilities before your code goes out.
If you had a warehouse stacked with priceless jewels, you wouldn’t leave the roller doors open with people wandering free-range throughout, would you? Something could go missing and you would have no way of finding out how it happened. The same goes for your cloud-based system. Give your applications and servers only the access that they need. There are many tools at your disposal to accomplish this, including security groups, NACLs, IAM roles, bastion hosts/VPN servers, and so on. Every line of code you write introduces risk, and not having a safety net around that code can worsen the damage of an exploit.
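As an added example (not from the original article), the least-privilege advice above can be checked mechanically: this sketch flags IAM `Allow` statements with wildcard actions or resources, and security group ingress rules open to `0.0.0.0/0` on ports not meant to be public. The policy, rules, bucket names and the `PUBLIC_OK` allow-list are constructed assumptions, and only IPv4 ranges are checked.

```python
import ipaddress

# Constructed sample inputs, shaped like an IAM policy document and the
# IpPermissions list that EC2 DescribeSecurityGroups returns.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-app-assets/*"},
        {"Effect": "Allow", "Action": ["s3:*", "iam:PassRole"], "Resource": "*"},
        {"Effect": "Deny", "Action": "*", "Resource": "arn:aws:s3:::example-audit-logs/*"},
    ],
}
INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.1.0/24"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
]
PUBLIC_OK = {443}  # assumption: only HTTPS is meant to face the internet

def as_list(value):
    """IAM allows a single string or a list for Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Flag Allow statements that grant wildcard actions or any resource."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements narrow access; nothing to flag
        for action in as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append((i, "wildcard action", action))
        for res in as_list(stmt.get("Resource", [])):
            if res == "*":
                findings.append((i, "any resource", res))
    return findings

def audit_ingress(rules, public_ok=PUBLIC_OK):
    """Flag rules open to every IPv4 address on ports not meant to be public."""
    findings = []
    for rule in rules:
        for rng in rule.get("IpRanges", []):
            if ipaddress.ip_network(rng["CidrIp"]).prefixlen != 0:
                continue  # scoped to a specific network
            lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
            if rule["IpProtocol"] == "-1" or not all(p in public_ok for p in range(lo, hi + 1)):
                findings.append((rule["IpProtocol"], lo, hi, rng["CidrIp"]))
    return findings
```

Here the second policy statement and the world-open SSH rule are reported, while the scoped S3 read, the Deny statement, public HTTPS and the internal-only rules pass.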
If you want to keep your data secure and stay compliant with various regulations, it is important that you are monitoring your logs. This can be done internally or with a third-party service, but the security of your company depends on collecting logs from various sources such as firewalls, databases, endpoints, and network devices. This information can then be analyzed for potential threats. Good logging processes allow you not only to know that a problem has occurred, but also to investigate the extent of the damage done.
To make sure that your systems, network, and data are secure, they need to be scanned regularly. A variety of automated vulnerability scanning services are available, such as Qualys and Amazon Inspector. These tools, when used properly, allow you to catch common security flaws that may have slipped past even your most rigorous code reviews. And while we may love fully automated processes, there are still certain attacks that cannot be tested for with automated tools. In those cases, penetration testing is another tool in your arsenal for finding vulnerabilities.
Despite your best efforts to make your apps resilient, there is always the possibility that a critical error can completely take down your infrastructure. Whether this is the result of an entire region going down or a hack that renders your servers and databases useless, it is important to have backups in place to recover from one of these incidents. Your infrastructure, code, databases, and configuration should all be backed up regularly and there should be a process in place to restore everything if need be. When disaster can’t be averted, it is important to have a solid recovery plan. This can help to reduce downtime and alleviate any negative effects on your business. Oh, and safeguard your backups so that they aren’t destroyed by a breach.