The answer is not as dire as it may seem at first, and organizations should look to newly appointed NSA Director Adm. Michael S. Rogers for the reassurance to move forward and take the necessary steps to get the job done. In a New York Times interview on June 29, 2104, Rogers said, “You have not heard me as the director say, ‘Oh, my God, the sky is falling’.”
While Rogers is unyielding in his resolve to improve security following the Snowden security breaches, the former cryptologist will not promise perfection or guarantee full security with “100 percent certainty,” noting that a “determined insider” can hack into any system. However, it’s not just insiders that worry businesses; cyber threats are also present from the outside. Measures need to be taken to control the menacing issues they can inflict.
In the wake of a year of full of security breaches – remember Target, Facebook and Google – how can personal and mission-critical information be protected? And where does this leave enterprises who are employing cloud-based solutions?
For any organization, this is an immense undertaking. For the company operating its own cloud-based solution, it can be an expensive, resource-draining endeavor. However, the answer to minimizing security risks is out there. It starts with building a cloud infrastructure on a secure environment followed by monitoring the system to detect and eliminate potential cyber risks, and then devising a plan to react to, defend against and mitigate any exposed threats.
This is not an easy undertaking, even within the cloud service provider (CSP) market. It is clear – given these variables – that not all clouds or CSPs are created equal. The most successful CSPs will do their due diligence in creating and ensuring a secure solution; providing ongoing monitoring for threats; and devising a plan to react to risks before they can cause harm.
The basis of any secure system is a secure foundation. As a bare minimum, cloud-based solutions must have the secure infrastructure in place to secure user’s systems. Peak 10 — an infrastructure, cloud services and managed services provider – is serious about security. Built on leading-edge technology, Peak 10’s cloud solutions offer multiple layers of protection – including firewall and router configurations, multi-factor authentication and an intrusion detection and prevention system (IDPS) – to help keep data secure. The company, which offers PCI- and HIPAA-compliant cloud services, also undergoes yearly independent audits to ensure its own security and compliance.
Unfortunately, a secure system is not enough in today’s cyber world. Hackers exist and are dedicated to finding ways to tap into and access private information. As a result, companies are wise to consistently monitor the activity on their systems. This, however, is as time-intense as it sounds. What further complicates this undertaking is knowing what to do if a threat is recognized. Some CSPs, like Peak 10, provide ancillary managed services that can proactively monitor data access and are able to recognize and quickly react to potential threats before they become dangerous. Through these add-on managed services, Peak 10’s seasoned professionals can also provide vulnerability management programs and strong access control measures to further develop security measures and protocols in order to defend against threats. This provides a secure infrastructure upon which users can deploy their systems in the cloud. Ultimately, security in the cloud is a shared responsibility and a trusted CSP is key to success.
In the end, no system is completely secure against all threats. The key to developing and maintaining a secure environment is to implement strong security practices. This includes consistently monitoring the system for potential threats and devising and implementing a plan to avoid or mitigate exposed or perceived risks. The best security plan will also continue to evolve to keep up with – and dare I say, stay ahead of – the hackers to ensure a secure cloud-based solution and avoid “the sky is falling” mentality.