Cloud security is quickly becoming a significant concern for companies, and as we begin 2020 this will unlikely change.
More and more business systems are migrating from the traditional on premise location through to a cloud provider, which can often offer more for less. The usual benefits are greater security, better redundancy, lower long term costs and improved business continuity, but how can it be ensured that the cloud security for the provider that’s been selected is moving in the correct direction and not degrading over time?
This is where thought leadership comes into play for the benefit of all. Thought leadership works off the back of following the trends being developed and provided by the leaders of the industry. The leaders can be companies or individuals that continuously break the boundaries and push the limits of what currently exist through bringing research and innovation into real world useable technologies. To really be a thought leader they will do this over and over – not just on a single occasion.
At present there are four major contributors to the cloud industry that can be considered thought leaders. They are Amazon Web Services (AWS), Microsoft Azure, Google Cloud and IBM Cloud. Why these four? They have all pushed for global performance through creating data centre presence across the globe, to maximise their and their clients resiliency, combined with internationally recognised and high demanding certifications. The certifications and resiliency create fantastic foundations for cyber security to be embedded into the cloud solutions that they provide because they can cover all aspects of security.
Good examples of certifications that they may adhere to include ISO27001, which is an information security management certification and builds upon an ISMS (information security management system); PCI-DSS, which is the payment card industry data security standard and is implemented to ensure card payment and storage facilities meet a high security standard; then there are data centre tiers that are also internationally recognised. The tiers are broken down into four levels, where level one is a basic data centre and tier four provides a fully fault tolerant facility with redundancy for every component and has an expected uptime of four 9’s (99.99%).
- Scottish Tech Firm Novosound Backed with £3.3m Funding
- Anomalous Secures Place on Boeing Accelerator Programme
- Drinks-on-demand Tech Firm Launches Fundraiser Campaign
Excluding the security regarding the physical premises and the compliance that thought leaders will have developed and dropped in place, there’s also some really interesting additional components that need to be reviewed when considering information security, for example service level agreements, non-disclosures and contracts are not always designed to mutually benefit both parties in an agreement like the previous components mentioned.
With regards to thought leaders, in the cloud industry they will have worked with many clients and have developed such agreements to meet as many requirements as possible. The documentation will have been through many rounds of revisions with legal teams, support teams and then presented to clients in the hope that the current versions of them work best for all parties involved. These as a result can often been seen as industry expectations and provide benchmarks for simple tasks such as turn around times for provisioning of cloud resources through to much more complex activities like troubleshooting faults.
To summarise, thought leadership in cloud security is the identification of those that innovate and research into provisioning cloud based hardware and providing cloud based services. Knowledge of these thought leaders benefits all, because if a business opts to use them they know of the significant investments that have been made by the cloud provider. And if they opt to use an alternative they can compare to the known thought leaders, to ensure that they provide equally high quality cloud security services.
- Jai Aenugu is the managing director at TheTechForce, a provider of cybersecurity services for medium and large businesses.