Businesses today are moving to the cloud. And there are obvious reasons for it.
Storing data in the cloud, running our workloads on it allows us to focus on innovation, bring new features to the market in minimum time, better utilize our resources, focus on customer demands as opposed to worrying about managing the data, infrastructure & stuff.
When brooding over whether I should move my business running on-prem to the cloud. The first thought that pops up in our minds is how secure will my data be in the cloud? How serious are the cloud providers regarding data security?
This write-up covers the various aspects of cloud security in-depth. The security practices popular cloud vendors today are following. I talk about stuff we should be aware of regarding the security in the cloud when planning to move our data to the cloud.
The intent of this article is to give you an insight into the security aspect of cloud computing which will help you make your decision whether or not to move to the cloud.
So, without any further ado.
Let’s get on with it.
There are two key things in-context to data, first is data security the risk of data being stolen by an evil person & the second is data privacy, even if the data isn’t stolen it can be accessed or sometimes handed over to the government in response to legal requests.
I’ll first talk about data security.
1. Security of Data in the Cloud
1.1 Data Backup Across Multiple Data centres Spread Out Globally
A massive upside of moving data to the cloud is replication/backup of data across different data centres spread out globally. These data centres have no dependency on each other & operate autonomously.
In case of any major power outage, technical issues or a natural calamity. The risks of data loss are minimal.
The data storage is carefully planned by the cloud platforms to avoid any chances of data loss due to external reasons as stated above. Also, since the data is spread out globally it is accessible by the end-users in minimum time due to the proximity of it.
1.2 Data Integrity
The distributed systems, offered by the popular cloud providers such as Google Cloud & AWS, which store massive amounts of data aren’t just developed as a part of cloud service offering but are first implemented in their own core businesses & when things are stable & battle-tested, they are made available as a public cloud service.
For instance, Cloud Bigtable Google’s NoSQL Big Data database service is used in Gmail, Google Search, Analytics & Google Maps.
We can be rest assured when we deploy our workloads on the cloud. It runs on state-of-the-art production ready battle-tested infrastructure.
1.3 Cloud Security Dimensions
There are a lot of dimensions when it comes to securing a cloud, right from securing a physical data centre to encryption data at rest & in transit to user authentication & securing application endpoints.
Let’s get a bird’s eye view of what they are:
Starting right with the data centre security here is a really cool video on how Google secures its data centres
The infrastructural layer security involves shielding the virtual machines & the containers.
Cloud platforms operate in a virtual private cloud with transport layer security restricting the access of any unauthorized entity.
Strong user identity management systems are in place keeping an eye on application access.
Data is encrypted at all times when at rest or in-transit.
All the software endpoints are secured, all operations are continually monitored for any malicious activity.
Have a look at the Google Cloud’s security page if you need to dig deep further into the security product offerings.
1.4 Cloud Security Partners
Often businesses have the need for dedicated custom security solutions such as firewalls, web proxies, cloud gateways, server end-point protection, distributed denial of service, container security etc.
Cloud providers establish a strong security ecosystem by partnering up with security firms & enabling the integration of their services with the cloud.
Now let’s move on to the data privacy aspect.
2. Privacy of Data in the Cloud
2.1 Security Policies & Compliance
Cloud providers have their respective policies & principles with respect to maintaining the privacy of our data on the cloud.
Have a look at the Google transparency report in context to data privacy & security.
There are security & privacy industry standards, regulations & certifications such as ISO 27001Managing information risks, ISO 27017 Controlling cloud-based information security, ISO 27018 Protecting personal data, SOC 1 Controls over financial reporting, SOC 2 Controls over security, availability, and confidentiality. GDPR Support for complying with stronger EU data protection laws etc.
Confirm if your cloud provider complies to the required certification or the standard.
There are often government requests, for the cloud customer data, received by the cloud platforms. Ensure what policies does your cloud provider has in context to this.
Since, the cloud providers comply with the latest certifications, run on state-of-the-art secure technologies. Businesses move to the cloud to make their data even more secure.
London based Fintech startup Ravelin is one instance where a company leveraged Google Cloud’s encryption management & cloud key management service to make its data more secure.
3. Benefits of the Cloud Security
Here are some of the benefits of securing our data on the cloud:
1. Our data storage is in compliance with solid security & compliance controls.
2. We can scale our workloads on the fly not worrying about the security of the data. Security scales inherently with the scalability of the workload.
3. We always have the option of using trusted security solutions from the cloud security partner ecosystem.
4. New innovative features are auto applied to our workload without any hassles. We do not have to worry about monitoring & upgrading security & stuff.
4. Storing Super Sensitive Data
In case you are working in a space where you just can’t risk streaming your super sensitive data to the cloud, for instance, military, government, finance, healthcare etc.
You can leverage the hybrid cloud infrastructure.
There are two upsides to this, first, reduced infrastructure management load on the business by moving workloads to the public cloud. Second, ensuring the security of your data by setting up a private cloud on-prem.
Slack is a popular workplace communication tool in the industry but in order to use that the data has to be streamed over to the Slack’s servers which might not be alright for a few companies with security prospects in mind.
This led to the development of Mattermost an open source team communication tool just like Slack which can be deployed on-prem.
5. A Checklist of Questions to Ask When Migrating to Cloud
Here is a checklist of things we should have in mind with respect to the data security when planning to move to the cloud:
- Is the cloud provider encrypting your data? Both at rest & in transit?
- Does the provider ensure that only authorized accounts have access to your data?
- Does it has a security marketplace with security products from different vendors in case you need it? How easy is deploying those tools on the platform?
- Does the cloud provider comply with security standards & certifications applicable to your business domain?
- What’s it’s policy with respect to government legal requests for data?
- Has there ever been any major security breaches or failures in the past?
- How secure the data would be in case you implement a hybrid architecture & stream your data over to the cloud?
- Does the provider has a dedicated security team to resolve issues as soon as they are encountered?
- How are the data centres physically secured?
- How are the users authenticated? What is the process for preventing network intrusions?
- What are the data deletion policies?
- How easy is moving the workload around from on-prem to the cloud & vice versa? Also, across multiple cloud platforms?
6. More on the Blog
Well, Guys!! This is pretty much it about the security on the cloud. Strategies cloud providers are employing to make their platforms bulletproof.
If you liked the article. Share it with your folks.
You can subscribe to the browser notifications to stay updated on the latest content on the blog. Do follow 8bitmen.com on social media.
I’ll see you in the next article.
- Distributed Systems & Scalability #1 – Heroku Client Rate Throttling
- Zero to Software/Application Architect – Learning Track
- Java Full Stack Developer – The Complete Roadmap – Part 2 – Let’s Talk
- Java Full Stack Developer – The Complete Roadmap – Part 1 – Let’s Talk
- Best Handpicked Resources To Learn Software Architecture, Distributed Systems & System Design