Interview

How to Pick a Cloud the CIO Will Love


It will come as no surprise to those of you already leveraging cloud services that Forrester Research predicted that in 2018, cloud computing would become a must-have business technology. But what about compliance and security in the cloud?

The scalability, agility and cost model of the cloud allows IT teams to redirect their energy toward accelerating business initiatives without worrying about costly infrastructure investments.

As many have learned, however, it’s important when evaluating cloud providers to look closely at various elements of their services. Here, with the help of Monica Brink, EMEA Marketing Director at iland, the provider of hosted cloud infrastructure, disaster recovery and business continuity as a service, we look at the security element.

Comms Business Magazine (CBM): What are the obvious security and compliance questions to ask a supplier?

Monica Brink (MB): It is increasingly important to think about security and compliance when running both on-premises and cloud workloads. When implementing a hybrid cloud environment, make sure that you evaluate whether the cloud providers you are considering include built-in security and compliance tools that are available on the cloud platform itself. These tools need to be at least as robust as, or even more robust than, what you currently have in your data centre.

Be sure to ask about the visibility and alerting available within security and compliance settings and if the provider will assist with remediation actions as well as compliance requirements for any regulatory audits your cloud workloads will need to be governed by.

As data protection laws and regulations come into place, especially with the onset of Brexit and the EU General Data Protection Regulation (GDPR), it’s important to verify that the cloud provider handles your data in accordance with data sovereignty and local data laws. You may be in a situation in which data cannot leave a certain country or geographic region. Make sure you understand how your cloud provider leverages their load balancing technology. You’ll want to know if this is regulated for you, and if the provider can guarantee data sovereignty and that it is not sent somewhere it shouldn’t be.

CBM: Are there any special security and compliance issues applicable in hybrid cloud deployments?

MB: As with any solution within a cloud structure, it is imperative that data sovereignty as well as encryption be foremost in the minds of organizations utilizing clouds. Additionally, due diligence of cloud providers should be undertaken to ensure that their operations performed at the platform levels are in accordance with policies, processes and regulations that govern the user’s organisation. Providers should be transparent and offer access to their policies and processes, as well as internal and external auditor reports, penetration tests and physical access reviews.

CBM: Could Brexit have an effect on cloud security and compliance and where do you see channel opportunities ahead?

MB: With the upcoming exit of the UK from the EU, customers that utilized the UK for access to the EU’s single market may face some challenges. There has been no certainty given around continued acceptance of the UK’s Data Protection Act as having adequacy post-Brexit, which may force the UK into an EU/US Privacy Shield agreement that will take time to formulate and ratify.

Additionally, it has clearly been articulated that the UK’s Information Commissioner's Office (ICO) will lose its seat on the European Data Protection Board (EDPS) after Brexit. Though parity exists today with the Data Protection Act (2018) and GDPR, there is a good chance that ‘drift’ will occur as the EU and UK part, resulting in mismatching data acts.

For channels, all these services represent a great revenue opportunity, especially for resellers that traditionally sold hardware-based solutions.

Choosing a cloud provider is one of the biggest IT challenges out there. The cloud provider needs to be able to meet existing needs across capacity, services, support, security and compliance and be able to scale and grow to achieve future goals.