Cloud Computing has rapidly moved to the forefront of IT Developments over the last few years. The trend has accelerated with the seismic changes in business strategies following the pandemic and the move to home and remote working.
Many organisations, faced with the need to move to an e-commerce platform, have chosen to implement it on a Cloud Computing platform, usually supplied and managed by a Managed Service Provider (“MSP”). The rationale is that they can continue with business as usual as normal while implementing the new e-commerce platform quickly during the migration to the Cloud.
As with many IT concepts, there are several definitions of Cloud Computing. A simple definition from IBM defines it as on-demand access to computing resources via the Internet.
For our purposes, on-demand access includes access to physical resources like servers and applications and data resources held on storage devices provided by an MSP.
The Cloud can be in one physical location, for example, an in-house data centre or over several hosted locations.
Cloud deployment models include private, public and hybrid clouds. Private clouds are cloud infrastructures operated only by a single organisation, usually in an in house data centre; public clouds are those delivered by MSPs over the public Internet; and hybrid clouds, obviously, are a bit of both.
Cloud Computing provides benefits including:
- Lower IT costs. The costs of supplying and managing infrastructure are passed over to the MSP;
- Quicker Deployment. Systems can be deployed much more rapidly, especially for pre-loaded systems already installed at an ISP; and
- More effective scaling. Basically, you pay for what you use. What you pay will follow your resource usage. Use fewer resources, you pay less, use more, the MSP provides the additional resources and you pay more, but only for the time you need the additional resources. You won’t be paying for idle excess capacity purchased to cover peak usage times.
One major concern has been the security of access to systems and data held in public and hybrid clouds, especially client financial information. Paradoxically, moving to the Cloud can make your business more secure, and here’s why.
Access to Systems and Data
One of the duties of an IT Head is to create an environment where access to systems and critical data is kept safe and secure from loss or theft. The majority of IT professionals consider security as their major concern when moving to public and hybrid Cloud Computing platforms. Hacking is one way to lose data, but there are other ways, loss or theft of a smart device like a cellphone or laptop, hardware failure or end-users taking it away on portable storage devices.
This concern is heightened when the Cloud runs on public infrastructure hosted by one or more MSPs.
Cloud Computing provides the opportunity to address these concerns.
Your MSP has a deeply vested interest in providing a demonstrably secure environment. Their business depends on it. You can take advantage of the large sums the MSP has spent on security hardware and software by tying your applications and data into their security environment. In some cases, you will find that they insist you do.
Information can be locked down and encrypted, application systems can be compartmentalised, perhaps with different functional areas held on different servers with different security levels.
Remote access and working from home increases the potential for unauthorised access to your systems. Cloud-based authentication, perhaps based on authenticated VPN access can reduce that threat while maintaining the ability to support remote access and working from home.
Other applications, such as remote access controls, management of the VoIP environment and control of incoming and outgoing data transfers can be included in the overall security environment. Add email security, and it’s virtually the full set.
One other point to consider is maintenance and updates. MSPs usually allow software suppliers to remotely update their security systems, typically malware signatures and detection algorithms, even blacklists of suspected websites infected with malware.
Backup and Restore
Again, it is in the interests of the MSP to ensure that you have continuous access to your systems, at least 99.999% availability. If you are running an e-commerce system, this is critical to your business since downtime means lost sales.
You should ensure that your MSP has a complete backup regime, where, in the case of a loss of service, perhaps hardware failure or systems downtime for whatever reason, your systems and data can be brought back into operation as soon as possible. It isn’t always the case, but you may find that the MSP has a better backup and recovery regime than your own in house team.
Most countries operate in a strict regulatory environment around the storage and management of data. Over and above the general laws and regulations, some industries, for example, healthcare and, to an extent, finance have further compliance conditions.
For example, both the EU and the US have strict regulations and laws on data privacy, covering the dissemination, loss, destruction and theft of personal data.
Compliance can be a costly and complicated exercise for organisations. Once more it is in the interest of the MSP to ensure that they comply with all the relevant laws and regulations of their country of residence, and in some cases, those of their and their client’s customers.
If you are contemplating a move to the cloud and are worried about security, Cloud Computing can, in most cases, be more secure than your current environment.