News

Industries

Companies

Jobs

Events

People

Video

Audio

Galleries

My Biz

Submit content

My Account

Advertise with us

Companies must take ownership of securing data in the cloud - Broeke

Companies now have a greater choice of cloud service providers to whom they may entrust their data. According to Richard Broeke from specialist managed IT security services company Securicom, attacks on cloud companies are to be anticipated, and client companies should accordingly exercise the right to choose a cloud service provider more assertively.
Companies must take ownership of securing data in the cloud - Broeke

"Security has always been a bugbear for companies considering the cloud. But, now that it's maturing, cloud computing can actually offer some security benefits to companies, especially smaller ones that don't have skilled people in-house to manage company systems and make sure that they are patched and updated properly.

"Well-run cloud applications, with a credible provider, are more likely to be secure and adequately backed-up than the average on-premise system at an average company. Professional cloud service providers will also have strong policies on who can access their customers' data and under what conditions. They will also have robust security in place to protect data centres.

"The problem is that not all cloud applications are well-run and not all cloud companies are professional or secure. Companies must ask a lot of important questions before signing up with a provider and handing over their data," warns Broeke.

Do your homework

Broeke continues: "The importance of choosing a credible and trustworthy cloud provider goes without saying. You have to do your homework when choosing a provider. Evaluate their experience in the market, how long they have been around, the type of partnerships they've got, and importantly, where their data centres are and what measures they have in place to protect them.

"You should also fully evaluate the terms and conditions of extracting and recovering your data at a later stage as there may be a fee involved. It is also a very good idea to talk to get references from their other customers before you commit."

In its 2013 Internet Threat Report, Symantec predicts a rise in attacks on cloud providers this year. So far, most of the very big data breaches have occurred in businesses which collect a lot of personal and confidential data such as healthcare providers, banks, online retailers and games companies.

Be selective

With this in mind, Broeke says companies should never sign up with a cloud provider that cannot offer multiple levels of security to secure the cloud environment.

"Data centres, which should ideally be housed on South African soil, should feature stringent physical security. Then, naturally, there should be numerous security technologies employed at every other level, from measures to protect data in transit and while it's at rest, to authentication and access control technologies to ensure that only authorised personnel are able to access, use or change data.

"Remember that the communication line to a data centre is the internet, and this is inherently an unsecure network. Communication between onsite and off-site systems therefore needs to be secured with point-to-point encryption. Encryption is not a given with all data centres' providers. In fact, many expect companies to take care of it themselves.

"When housing applications and data in the cloud, companies must own their own data and take ownership of securing it. Ask what is in place to protect your data; if you aren't satisfied, move on to another provider," says Broeke.

For more information, go to www.securicom.co.za.

Let's do Biz