
Jun 30 2015

How secure is your cloud?

There is an increased focus on the security of data held within cloud systems, recently highlighted by the publication of PAS 1192-5.  Cloud services are delivered in a range of ways with varying levels of security; this post explores some of the factors you should consider when assessing cloud-based services.

 

Public Cloud vs Private Cloud

A key differentiator between software providers is whether they deliver their software solution via a public cloud or a private cloud.  In services that use a public cloud, an individual user’s data can be stored in any number of locations, and on the same servers as other users’ data.  This presents a challenge for data protection, in that legislation or corporate governance may prohibit data being held in certain countries, and for security, in that if the public cloud is compromised multiple users’ data will be at risk.

In a private cloud like that used by CONJECT, users’ data is held in one data centre (in the case of CONJECT with an offsite backup), on dedicated servers.  This provides peace of mind as the data can be associated with a physical location for compliance purposes.  CONJECT go one step further and ensure that each client’s data is held on a separate server configuration, removing the risk of a bug exposing different clients’ data or a breach affecting multiple clients.

 

Securing Data in Motion

Data in Motion refers to data that is moving, in this case between a user’s device and the cloud provider’s servers.  If the data is not encrypted whilst on the move, it is vulnerable to being intercepted and read by malicious third parties.  The methods used to protect Data in Motion are often collectively labelled SSL (Secure Sockets Layer); in actuality, however, a range of protocols is used, with older versions offering much less protection.  In fact, all versions of SSL are now considered obsolete, and accordingly CONJECT support and recommend using the latest TLS 1.2 (Transport Layer Security) encryption.
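One way to check this when assessing a provider, as an added example rather than CONJECT's own code: a Python client that refuses anything below TLS 1.2 and reports the protocol version a host negotiates. The function names and the command-line usage are assumptions of this example.

```python
import socket
import ssl
import sys


def build_client_context() -> ssl.SSLContext:
    """Client context that verifies the server and refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()  # certificate and hostname checks enabled
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # no SSL, TLS 1.0 or TLS 1.1
    return ctx


def check_endpoint(host: str, port: int = 443, timeout: float = 5.0):
    """Return (ok, detail); ok is True only for a verified TLS 1.2+ session.

    Network errors (DNS failure, refused connection) propagate as OSError so
    they are not mistaken for a protocol failure.
    """
    ctx = build_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.version()  # negotiated protocol name
        except ssl.SSLError as exc:
            # Handshake refused: old protocol only, bad certificate, etc.
            return False, exc.reason or str(exc)


if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage (hypothetical script name): python tls_check.py <your-provider-host>
    ok, detail = check_endpoint(sys.argv[1])
    print(("OK" if ok else "FAIL") + ": " + detail)
```

A failed result means the endpoint could not complete a certificate-verified handshake at TLS 1.2 or newer; the detail string carries the reason reported by the TLS library.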

 

Securing Data at Rest

Data at Rest refers to data that is currently static, such as the data and files held in the database and file store.  Data at Rest is typically held behind firewalls and some form of IPS (Intrusion Prevention System) to protect against external attacks.  CONJECT use two pairs of firewalls with different configurations, vastly increasing the difficulty of unauthorised access to the data.

Normally, in the event that an intruder penetrates the firewalls and gains access to the database, or acquires the physical disk drives or backups, they would be able to access all the data.  However, CONJECT take the additional step of encrypting all client databases, ensuring that even if someone did gain unauthorised access to the drives, the data would be totally inaccessible to them.

Encryption of the database, as well as protecting the database and file store with different security credentials, also increases security against internal attack from a malicious staff member at either the cloud provider or the data centre.

 

Back to Basics

User-based rights are an important aspect of security.  For example, you might not want your supply chain to see your commercial information.  CONJECT solutions allow administrators to set permissions on a file-by-file basis and assign them to individuals or groups of users.

Most cloud solutions will be accessed through a username/password combination, so setting rules for the composition of passwords and how often they need to be changed is crucial.  The best encryption available will be of limited use if your users are all signing on with ‘Password123’.

To find out more about how CONJECT secure your data in the cloud, view our infographic.

About the author

Michelle Mason

Michelle Mason leads the UK and MEAP Marketing team, with far too many years in B2B marketing to mention. A CONJECT newbie, Michelle is eagerly climbing a steep learning curve.

View my LinkedIn profile:
http://uk.linkedin.com/in/michellemason04
