These are exciting times for anyone with a stake or interest in cloud technologies. We have passed through the early adoption stage into one in which cloud-based processes are becoming commonplace. In both consumer and professional spaces, people are migrating to the cloud for reasons including accessibility, scalability and cost-efficiency.
Yet it’s arguable that one of the cloud’s strongest suits – security – is still rather undervalued. There are likely to be several factors in play here – one being a simple fear of the (relatively) unknown. But I would suggest that the more critical element is that migrating to the cloud entails handing a lot of responsibility for asset management and security to a third-party provider. In large organisations with complex workflows and storage requirements, this can have major implications for organisation and personnel, and means that moving to the cloud can be as much about a shift in corporate mindset as the technology itself.
But as cloud platforms continue to mature, those concerns are slowly diminishing – and for very good reasons. In particular, there is growing acknowledgement that cloud providers can wield much greater resources to tackle security threats than any company could hope to do on its own. Specialist security teams in the hundreds or thousands of employees are by no means uncommon in the larger providers – and those teams’ entire reason for being is to defeat current and emerging threats.
‘Emerging’ is the operative word because the overall security environment is always challenging – and continually evolving. For instance, at the moment, there is concern about escalating DDoS (Distributed Denial of Service) attacks, which are malicious attempts to disrupt servers, networks or services by overloading them with Internet traffic. Security vulnerabilities that remain unpatched and inconsistent cybersecurity protection are among the many other risk factors that can lead to corporate IT infrastructures being compromised.
Moving to a well-regarded cloud provider makes it far easier for companies to benefit from new security measures as soon as they become available. Similarly, cloud service adoption enables responsibility for standards and regulatory compliance to be outsourced, freeing up technical resources for other duties. This is no minor consideration given that the nature of the frameworks which may determine a company’s cybersecurity policy – for instance, in terms of specific regulations in sectors such as finance – is continuing to evolve.
Selecting your service provider
With an increasing number of specialist cloud providers joining the global leading players such as AWS (Amazon Web Services) and Microsoft Azure, corporations need to select a service that will be suitable for the long-term. In this regard, the eight criteria outlined by the Cloud Industry Forum – covering everything from technology roadmaps to performance and migration support – represent a sound starting point.
At Priva we now employ Microsoft Azure as the foundation of all our cloud-based developments, not least because of the high level of investment that continues to go into the platform. As well as benefiting from Microsoft’s billion dollar-plus annual spend on cybersecurity, the platform is protected by some 3,500 dedicated cybersecurity professionals working together across the Cyber Defence Operations Centre, digital crimes unit and other teams to help protect, detect and respond to threats in real-time.
The ability to bring such resources to bear on what Microsoft describes as security’s “ever-evolving state” means that cloud-centric operations are only going to become more ubiquitous over the next few years. As long as you have done your homework when it comes to your service provider, there is nothing to stop you benefiting from the cloud’s strengths in scalability, accessibility, cost-efficiency – and security.