Cloud Storage Providers: Sizing Up Cloud Security
Cloud adoption for compute and storage infrastructure, software and development platforms is on the rise. Yet according to Forrester Research, “about 50% of security decision-makers are concerned or very concerned about the risks that could be introduced to their firms by moving their data to the cloud through SaaS, platform-as-a-service (PaaS), or infrastructure-as-a-service (IaaS).”
This is partially due to the fact that traditional security tools are limited when it comes to many cloud service providers. So how do you choose the right cloud service provider, and what makes one better than the next?
The Safe Choice
In selecting a cloud provider, many organizations make the safe choice. They go with well-known brands. But, they also often walk away frustrated with the safeguards in place and the lack of security-related hands-on expertise. The inability of a provider to customize security solutions can also be a roadblock to an organization trying to create a complete cloud strategy. The key is being able to implement network security solutions that meet the enterprise’s protocols.
Because Peak 10 is a leader in data center services in addition to cloud infrastructure, our solutions can be customized to meet almost any security requirement.
An Additional Layer
Security starts at the access point to cloud resources — the cloud self-service portal. The portal interface at many providers is provided through HTTPS, which is encrypted, but only requires a username and password to gain access to critical resources. Peak 10 has made the investment in an additional layer of security for its self-service portal users, requiring two-factor authentication for access. We also require it for all internal employees managing systems within Peak 10.
You’ve probably experienced two-factor authentication when logging into your bank, Google mail and apps, or other more sophisticated websites and online services. Why is two-factor authentication important? Passwords can be compromised, and users often fail to change them on industry-recommended intervals. When a login is attempted to the Peak 10 cloud self-service portal, a unique passcode is sent to the user via a verified email address, text message or a third-party authenticator. Without entering this one-time, expiring passcode, a user isn’t granted access to the portal and thus, cannot manage his/her critical resources.
What Happens Next?
Another frequently overlooked and rather large concern around cloud security is the destruction of data after a server or service is retired. Data protection and handling are not to be taken lightly. They are far from simple. Industry security measures, such as PCI-DSS, and federal laws, like HIPAA/HITECH, change frequently. Many states also have laws regulating how a possessor of data must dispose of personal information. It’s important to work with a provider, like Peak 10, that follows a strict protocol for server and data destruction, and has the expertise to help you archive or destroy data the right way.
Whatever your cloud security concerns may be, Peak 10 will work alongside you every step of the way to tailor a cloud and network security solution that best fits your business needs. Just know that security is at the foundation of everything Peak 10 provides.
Forrester Research, “Sizing The Cloud Security Market,” August 25, 2015.