Customers should not dismiss the cloud unnecessarily

Negative hype about the cloud should not discourage customers or the channel, says Graham McLean

McLean: Cloud security may actually be better than what SMBs currently have

Not a week goes by without someone talking up security worries about cloud computing. This may discourage customers who would actually benefit from the sort of infrastructure and processes that come with cloud offerings.

Of course, customers should move cautiously when radically changing their IT. But when you actually look ‘under the covers’, it becomes clear that many smaller businesses would actually get better security and resilience in the cloud.

Let us start by examining a typical SMB. It might have a head office with a main server housing corporate data, and several regional sites, some of which might have a secondary regional server linked to headquarters via a wide area network (WAN).

There will very likely also be some small remote offices and home or mobile workers connected via a virtual private network (VPN).

Business data is stored in numerous places, and passes over several network and internet links, including information in potentially less secure places such as home desktops and mobile laptops.

Compare this to a cloud set-up where all data is kept in a single secure central datacentre for employee access. There is minimal information stored on client devices or regional servers, and it can be argued that this is an immediate security improvement.

With less data flying around, stored in separate places, you reduce your vulnerability.

Using a single provider for hosting and connectivity will create private clouds kept completely separate from the internet, giving greater security and high performance.

People sometimes worry about their business data being kept on virtualised servers in cloud datacentres. But data from individual cloud customers is fenced off by industry standard firewalls at least as – and probably more – secure than the firewalling employed by those same customers within their own environments.

There is no magical way for data to leap between different customer environments on a cloud server.

I think one of the problems is perception. People assume that if data is stored on their own servers and within their own WAN it is more secure. But not every corporate network or server is safe.

But infrastructure operated by a cloud provider is mission-critical – it is the cloud provider’s core business.

Take the physical aspects of security and protection. A good cloud service will generally be delivered from a third or fourth tier datacentre, manned around the clock by security personnel using surveillance systems. They will have state-of-the-art temperature-controlled environments, fire suppression systems and multiple power feeds from separate sources.

It would be hard for all but the largest organisations to match this in-house.

Similarly, a cloud provider will generally employ certified IT security professionals who understand the responsibilities involved with securing an infrastructure. Very few small organisations would have someone like this on their staff.

So cloud customers are likely to notice that everyday processes, such as the installation of security updates and patches, may be tighter. Many companies with small IT departments – especially if they support remote and homeworkers with mobile devices – struggle to keep everything updated.

Similarly, a cloud provider will introduce rigid processes for backup, with nightly or more frequent backups stored in multiple locations and regular testing of restores.

They should have a detailed disaster-recovery plan, with the necessary systems, which sets out how they will quickly redeploy customers’ environments to a secondary location in the event of the primary datacentre being hit by disaster such as fire or flood.

Some people are worried about cloud providers’ staff handling their data. Could they be a bigger source of breaches or leaks than internal staff? If this is a worry, then many cloud providers will let you house your own servers within their datacentres, with only your own staff allowed administration rights to the data.

Therefore, it’s important that customers do not shut the door to the cloud merely because they are put off by the headlines. It is worth them at least investigating the possibilities.

And their existing channel partners, from whom they are used to buying traditional ‘on premise’ IT services and hardware, can demystify the cloud and help build the trust required.
Graham McLean is managing director at CI-Net