Cloud Security
Every month major corporate and governmental sites across the world are hacked for various reasons: faulty security protocols, badly administered firewalls, vulnerability to malware etc. The truth of the matter is as business owner your sensitive data, be it financial figures or customer invoices, is not safe behind your current security measures. Moreover, the data backups which you perform (you do regularly backup your data, don’t you?), even though they are most likely stored on an external password protected hard drive, are not taking place often enough nor are they kept behind stringent enough security measures.
The reason for your lack of security is simple: you are attending to more pressing matters. You have a business to run and the last thing on your mind when you are trying to ship 10 tons of cargo across the Pacific Ocean is what your external hard drive is or isn’t doing. So we have a question for you, what if you could be sure your data was secure? What if you could hire a company to monitor and backup your secure data on a bit-by-bit basis because it’s their job. When you decide to virtualize your data with a secure IT Integrator, you get exactly that. (For a short casual conversation on Cloud Security with FortressITX Director of Managed Services, Louis Ardolino click Cloud Security).
Datacenter
Before we go any further the first thing which has to be mentioned is the importance of an onsite datacenter. Your Cloud provider must have their own datacenter where they store all your information securely. If they don’t, you are paying your IT integrator to outsource your data to another IT integrator. Bad idea. If your IT company has to pay another company to manage your data, how secure can everything really be?
With that out of the way, let’s talk about security. Within the Cloud, security concerns are generally grouped into three key areas: Security and Privacy, Compliance and Legal. For the sake of this conversation, we are going to speak to the most pressing of the three, security and privacy.
Security is a Two Way Street
Security in a Cloud environment is a two way street involving your IT integrator and the customer (you). For your IT integrator security means protecting and locking down all of your secure data within their datacenter and protecting your server with firewalls so only you have access to it. It means deploying stringent firewalls to ensure traffic going in and out of your Cloud is of a non-malicious nature and it means protecting your data and applications via software, web application and hardware firewalls. Conversely for the customer, security in the Cloud means using an IT provider who is committed to maintaining stringent security measures in both your Cloud and onsite LAN (local area network).
One of the most common mistakes for companies entering the Cloud is forgetting to secure their physical location with firewalls. Although you have chosen to virtualize your data, you still have to maintain security protocols on your desktop and throughout your physical office. It’s great that you have chosen to virtualize your data with a security focused Cloud provider however if you don’t install a firewall across your LAN, your desktop can still be hacked compromising your data.
Now that you have secured your LAN and virtualized your data into a Cloud environment, we have to talk about VPN’s. A VPN (virtual private network) allows you to establish a secure direct connection between your office and your private Cloud by utilizing tunneling protocols and various encryption measures. The benefit of a VPN is very simple: a secure impenetrable connection between your physical location and your private Cloud. For small businesses with sensitive information, there is no better Cloud security platform than a VPN.
To ensure security, IT integrators provide their customers with software, web application and hardware firewalls. Software firewalls are designed to protect the programs you use on a daily basis against any viruses. Common examples of software firewalls are Comodo, ZoneAlarm and Norton.
dotDefender Diagram
Whereas software firewalls are designed to protect the software you use, web application firewalls are designed to protect websites you visit and Intranet applications you use against hacking and web application attacks moving both in and out of your Cloud. To combat XSS and SQL Injection attacks, excellent IT integrators supply their customers with web application firewalls such as dotDefender, ServerDefender and Trustwave.
Although software and web application firewalls are great and highly needed, for truly effective security on multiple servers, a great IT Integrator will deploy hardware firewalls like Cisco ASA-5505 or Dell SonicWall. The major difference between a software firewall and a hardware firewall is a hardware firewall is specifically designed to monitor an entire internal network by separating all incoming and outgoing data packets. Whereas a software firewall monitors one or two servers, a hardware firewall polices an entire network of servers, or, an entire Cloud.
Now at this point you might be asking yourself, Ok, but aren’t there different types of Clouds, Public and Private? How does security work? Good question.
Think of a Public Cloud as an apartment building. Within your building (Cloud) there are many apartments filled with all sorts of people (tenants). Just like with a good apartment building, there are multiple levels of security, i.e. a doorman and personal door locks. This is done so no one can get in from the outside that shouldn’t be there and tenants can’t enter someone else’s apartment. A Public Cloud is the same way. An IT integrator will install firewalls and various security measures when deploying your Cloud to keep outsiders out (doorman) and will install personal firewalls to make sure no one in your Cloud can get into your apartment (door locks).
It has to be mentioned though, just as a door lock can be picked for access, so can your Cloud VPS. In reality gaining illegal access to your Cloud VPS (hacking it) is something to worry about however a good set of network monitoring, ids (intrusion detection system) and spam monitoring, like the kind DedicatedNOW deploys, will detect these break in attempts and stop them before causing any damage.
Private Cloud. A Private Cloud option is tailored differently than a Public Cloud. In a Private Cloud, the firewalls are tailored to you and your company. Within a Private Cloud you control every aspect of your security because the firewalls deployed are dedicated to you and no one else. You are alone in your Cloud meaning greater security control and a more focused security concern on outsiders.
In a Private Cloud you worry about outsiders, not fellow tenants. Due to this within a Private Cloud, it is vital your IT integrator has rigorous initial security hardening measures and continues to use them while the Cloud is deployed.
Another aspect of security in the Cloud is data backup.
Security is Great but Data backup is Essential
True data backup. If you are like most people and small businesses, you back up your data via a password protected external hard drive with a capacity limit that is always connected to your PC (Ex. A 500gb Seagate).
Seagate External Hard Drive
As you work, your computer runs scheduled backup syncs on a daily/weekly basis. If one day your computer happens to crash due to malware or a Trojan Horse virus, because your data backups are daily, you still have your information. This all sounds wonderful right? Well, here is the thing, one, your password can be hacked. Two, your external hard drive, like your PC, can crash or become corrupted causing complete loss of data. Three, you might back up a corrupted file containing the very virus which caused the crash in the first place. With a Cloud integrator, this issue is no longer yours to worry about.
By virtualizing your data into the Cloud, part of your IT integrators job is to constantly monitor and manage your data. As previously mentioned, data backups for most people means an external hard drive with a capacity limit which may or may not be password protected
Think of your IT Integrator as your own custom virtualized Slomin Shield. When you enter into a contract with Slomin, the representative you speak with will ask you about your home and what security measures you want to install. You want an alarm? Ok. You want cameras around your home? Check. By entering into a fully virtualized Cloud infrastructure, like Slomin, you can custom tailor your data backup needs.
For example, you’re a growing investment firm with an in-house server allowing for 1 terabyte of data running on RAID (Redundant Array of Independent Disks) 5. Your growth means you’re going to need more storage capacity, speed and redundancy. By virtualizing your data and entering the Cloud, your IT integrator will assess your current set up and work with you to build your personal Cloud infrastructure.
Whereas now you have 1 terabyte of data running on RAID 5, your IT Integrator will custom tailor your needs to supply you with 3 terabyte’s of storage running on RAID 10 (English translation: A lot of storage capacity running very quickly with full redundancy and fault-tolerance). Fault-tolerance is a key term. It means if one of drives fail, the information in your other drives is still alive and well however this does not substitute for true data backup.
It has to be mentioned, SAN data security is extremely important. How a SAN provider prevents other people from accessing your data – if they data is encrypted, how authentication is done – as an extremely important details when choosing a Cloud provider. What happens if someone gets full access to the SAN? Can they correlate the data with a customer? Can they see all the data? What prevents hackers from getting full access? Is data available on a public network, a local network, a hosted network? These are all things that need to be considered when moving into the Cloud.
True data backups require continuous data protection (CDP). CDP means just that, continuous. Unlike most external hard drives which perform data backups as a scheduled event, CDP backups operate as bit-level disk-based data protection. This means, “rather than reading and backing up individual files, CDP backs up data on a bit-by-bit basis…capable of providing hundreds of individual recovery points per day, scheduled as frequently as every 5 minutes.”
So now you know about data backup but you’re asking yourself, “honestly, do I really need to back up my data?” In a word, yes. Imagine falling asleep one night in your apartment without locking the door because you chose to forgo buying a lock. Come the morning, all your things are gone. Not fun.
Password Hacker
Now imagine the same with your business data. You go to bed and come the morning because you chose not to back up your data within a secure infrastructure, hackers cleaned you out. Not fun. You need data backups because in this case, Mom’s old adage of “better safe than sorry” is spot on but how many data backups do you need?
Although the answer varies, depending on the nature of your company’s data, ensuring two backup sources for all critical data is a minimum requirement in protecting the vital data that your company has spent thousands, even millions to build and maintain.
Now that you know all the ins and outs of security in a virtualized setting, look to this space in the future for more in-depth posts regarding everything Cloud.