In the tech world, you may hear the phrase "the cloud" quite often. But what is the cloud? Cloud computing refers to a network of servers that act as storage or processing power and are accessed through the Internet, rather than as local resources. Use of cloud resources can be beneficial in a variety of ways. Not only does it allow users to access their data or software from wherever they are, but it can also be cost effective. Cloud computing may refer to several types of services, which are often seen with an 'aaS' extension (for 'as-a-service'). The 'as-a-service' industry has grown significantly in the last few years, expanding to include things such as RaaS (Robots-as-a-Service). However when talking about cloud computing, there are three primary cloud computing solutions: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS).
Cloud computing comes with both benefits and risks, so do your homework before moving to the cloud.
Companies know that growth and development come with a cost. Cloud computing may be one solution to add resources or software capabilities at a cost-efficient price point. Not only can cloud computing be an efficient way to cut down on resource expenditures, the accessible nature of cloud hosting is ideal for businesses whose employees work from remote locations. As the cloud model dictates that the resources being purchased are hosted on the Internet, they can be accessed from anywhere in the world.
With all the advantages of cloud solutions, there are also some potential disadvantages to hosting data on the Internet. Potential benefits include:
There are also some risks to cloud hosting:
Cloud storage can be a convenient, cost effective way to ensure that your company has access to the resources that it needs, from anywhere in the world. However when your information is located on another organization's servers, it's necessary to verify that you are not opening yourself up to a potential attack or data breach. When vetting third-party cloud providers, it is important to ask questions and consider multiple options.
Here are some questions to ask before purchasing a service from a cloud provider.
If your company is required to adhere to a standard of compliance, your cloud provider must also adhere to that standard to ensure compliance. For example - if your organization is required to operate under HIPAA, inquire as to whether or not the cloud provider is willing to sign a business associate agreement (BAA). A BAA ensures that a third-party will protect electronic protected health information (ePHI) according to the HIPAA guidelines.
Some information may not be appropriate for cloud storage, regardless of the cloud provider's security. It is important to identify and classify sensitive information, prior to moving your data to the cloud. Gauge what type of risks your organization faces. After choosing a cloud provider, update your information classification policy, and ensure that users understand what information is authorized for cloud storage. Consider using tools to search cloud storage for personally identifiable information (PII) in order to ensure that sensitive data isn't being stored in an unauthorized location.
Additional precautions include tracking uploads, downloads, modification times, access times, deletions, and other changes that occur within the cloud. This will require enabling logs on the cloud storage solution. The specifics of enabling logs will vary, depending on the cloud provider; but many logging tools can also be utilized. Keep in mind that these logs should be stored in a secure location. Implement minimal and restrictive access to individuals involved in the cloud-hosting environment, and make sure to utilize multi-factor authentication.
If your cloud provider does not have integrated logging, you may need to contract an external source to assist in maintaining useful logs. Solutions like Datadog and LogDNA may assist your company in ensuring that their logging process is thorough and reliable.