Cloud Security

cloud-security

Cloud security should be at the top of any prospective cloud user’s list of topics to ask cloud hosting providers about. In the early days of cloud computing, companies were rightly concerned that cloud security presented problems that dedicated infrastructure did not. In the intervening decade, the technology underlying cloud platforms and the security controls of cloud vendors have matured. In many cases, storing data in the cloud is more secure than managing data storage in-house.

But cloud providers are not equal where security is concerned. There are two main ways in which cloud platforms differ. Firstly, a cloud provider may choose to provide basic infrastructure components and leave security almost entirely in the hands of its clients. And secondly, the cloud provider may simply not have the expertise necessary to provide secure cloud hosting.

Cloud hosting users should ask their vendor what network, server-level, and physical security measures they have in place, paying particular attention to:

  • Encryption, both within the cloud provider’s network and for data sent over the internet.
  • The security of the provider’s API and web interface, especially with regard to access and key management.
  • The physical security of the provider’s data center: CCTV, biometric access controls, access records, and round-the-clock manned security are the bare minimum.

Cloud Services

The term “cloud” has a precise technical meaning, but today it’s often used more as a marketing term than as a reliable designation of the services a provider offers. Many traditional VPS and even dedicated server providers have rebranded their services as cloud or bare metal cloud, a process known as cloud-washing.

But true cloud providers also offer a variety of cloud services: the major modalities are Software-as-a-Service, Platform-as-a-Service, and Infrastructure-as-a-Service, the modality most of us think of as “the cloud.”

Infrastructure-as-a-Service can be further broken down, depending on how the underlying physical infrastructure is managed and shared. Public cloud and private cloud have different security, privacy, and cost implications, and each can be managed or unmanaged. Before choosing a cloud vendor, make sure you understand which type of cloud platform you need and the implications the choice of platform has for your business.

Cloud Management

cloud-management

Many cloud vendors provided no management services at all. Cloud users are thrown in at the deep end with little help, a situation that has occasionally caused the failure of cloud infrastructure projects.

Cloud hosting service providers like ServerMania take a different approach, providing cloud management that allows clients to focus on building applications and services, while relying on us to ensure that their cloud infrastructure platform is reliable and always available.

Security is a key concern here. If your organization doesn’t have the in-house expertise to deploy and manage cloud servers and the software that runs on them securely, consider using a managed cloud platform that will take care of much of the security burden for you.

Key questions to keep in mind include:

  • Which management services do you provide?
  • What level of support does your company offer?
  • If I have an issue with my infrastructure, will your support team help us resolve it?
  • How quickly can I expect a response to support tickets? ServerMania’s industry-leading 15 Minute Response Promise can be used as a benchmark.

Certifications And Compliance

All infrastructure vendors make claims about the security and compliance of their platform, usually with the best of intentions. But it’s almost impossible for a cloud client to be certain of the quality of a platform without third-party verification.

A premium cloud provider should be able to provide evidence of certification and auditing for industry-standard data center and security certifications.

Among the most important certifications to look out for are:

  • SAS70 Type II for data center controls.
  • PCI DSS for storing and processing credit card data.
  • HIPAA for storing healthcare data.

ServerMania’s team will be happy to consult with your organization to help you build a secure and compliant network on our certified infrastructure.

Service Level Agreements

Security, privacy, and expert support are vitally important for any cloud infrastructure hosting client, but they mean little if the cloud infrastructure your organization depends on isn’t reliable and consistently available.

This is an area in which cloud vendors have mixed records. The more effort a cloud service provider dedicates to engineering a stable and highly available platform, the lower the risk of service disruption. The most reliable cloud providers use multiply redundant networking hardware, upstream bandwidth providers, power infrastructure, and round-the-clock monitoring to ensure that their systems are consistently reliable and available.

Service Level Agreements are a measure of the confidence a cloud provider has in their infrastructure. Don’t settle for anything less than ServerMania’s industry-leading 100% Cloud Service Level Agreement.

In the process of choosing a vendor to support critical business operations, businesses should take the time to investigate and verify the quality of the service on offer before making a decision. ServerMania’s sales and support team are ready and waiting to answer your questions and provide a free no-obligation quote.