
07 Jun 2018

Security in the public cloud: Finding what's right for you


Teemu Lehtonen

Security concerns in the cloud pop up every now and then, especially when there has been a public breach of some sort. What many businesses still don't realise is that security in the public cloud is a responsibility shared between the cloud provider and the customer. Unfortunately, 99% of these breaches are down to the customer, not the cloud provider. Some of these cases are due simply to the customer not having the competence to build a secure service in the public cloud.

Cloud comes in many shapes and sizes:
    • Public cloud platforms like AWS, Azure and GCP
    • Medium cloud players
    • Local hosting provider offerings
    • SaaS providers of variable capabilities and services, from Office 365 to Dropbox
However, if the alternative is to use your own datacenter, the datacenter of a local provider, or a SaaS service, it's worth building a pros and cons table and making a selection after that. 
 
Own data centre
  • Most responsibility
  • Competence varies
  • Variable processes
  • Large costs
However - Most choice in tech

Local hosting provider
  • A lot of responsibility
  • Competence varies
  • Variable processes
  • Large costs
 - Some choice in tech

Public cloud
  • Least responsibility
  • Proven competence & investment
  • Fully automated with APIs
  • Consumption based
 - Least amount of choice in tech

 
 
Lack of competence is typical when a business ventures into public cloud on their own, without a partner with expertise. Luckily: 
      • Nordcloud has the most relevant certifications on all of the major cloud platforms 
      • Nordcloud is ISO/IEC 27001 certified to ensure the security of our own services is appropriately addressed
      • Typically Nordcloud builds and operates customer environments to meet customer policies, guidelines and requirements

Security responsibilities shift towards the platform provider the more high-value services such as IaaS, PaaS and SaaS are used. All major public cloud platform providers have proven security practices with many certifications such as:
  • ISO/IEC 27001:2013, 27013, 27017:2015
  • PCI-DSS
  • SOC 1-3
  • FIPS 140-2
  • HIPAA
  • NIST

The more cloud capacity shifts towards the SaaS end of the offering, the less the business needs to build the controls on its own. However, existing applications are not built for the public cloud, so if an application is migrated to the public cloud as it is, similar controls need to be migrated too. Here's another opportunity to build a pros & cons table: applications considered for public cloud migration 'as is' vs app modernisation.

'As is' migration
  • Less benefit of cloud platform
  • IT driven
BUT
  • You start the cloud journey early
  • Larger portfolio migration
  • Time to decommission old infra is fast

Modernise
  • Slower decommissioning
  • Individual modernisations
BUT
  • You can start your cloud-native journey
  • Use DevOps with improved productivity
  • You have the most benefit from using cloud platforms


Another suggestion would be to draw out a priority table of your applications, so that you gain the full benefits of the public cloud. 
 
 
In any case, the baseline security, architecture and cloud platform services need to be created to fulfil the requirements in the company security policies, guidelines and instructions. For example:
  • Appropriate access controls to data
  • Appropriate encryption controls based on policy/guideline statements matching the classification 
  • Appropriate baseline security services, such as application level firewalls and intrusion detection and prevention services
  • Security Information and Event Management solution (SIEM)

The areas listed above should be placed into a roadmap or project with strong ownership to ensure that the platform evolves to meet the demands of applications at various stages in their cloud journey. Once the organisation and governance are in place, the application and cloud platform roadmaps can be aligned for smooth sailing into the cloud where appropriate, and the cloud native security controls and services are available. Nordcloud's cloud experts would be able to help you and your business out here.
 
Find out how Nordcloud helped Unidays become more confident in the security and scalability of their platform here.
 
 

About Nordcloud

Nordcloud is a European leader in public cloud infrastructure solutions and cloud native application services. Since 2011 we have completed more than 500 deployments to help our enterprise customers gain the maximum benefits of the cloud, including security, agility, scalability and overall cost-savings. With more than 300 cloud experts across Finland, Sweden, Denmark, Norway, Poland, Germany, the Netherlands and the United Kingdom, Nordcloud can offer the full range of cloud-integration services for any international enterprise. Nordcloud is an AWS Premier and Managed Services Partner, Microsoft Azure Gold Cloud Partner and strategic Google Cloud Platform Partner.

If you'd like to talk with Nordcloud to see how you can benefit from the cloud then contact us and we'll arrange a meeting for you with one of our cloud experts.