Security in the Cloud

Posted 7 November 2016 12:00 AM by Faizan Shaikh, User Engagement Analyst @ ClearPeople

Data, whether it’s the emails of a presidential candidate or your customers’ financial information, can be a risky thing to hold on to. Not just because there are entities that wish to exploit it, but also because of the liability for allowing such confidential information to be compromised. If you are hacked, your IT systems are sure to be placed under the closest scrutiny in the aftermath of the incident.

This month TalkTalk, one of the UK’s largest telecoms companies, was fined £400,000 for security failings that allowed its customers’ data to be stolen following a cyber-attack. The damning indictment came as the ICO (Information Commissioner’s Office) claimed the information of nearly 160,000 customers was stolen “with ease”.

Is the fine unfair? After all, TalkTalk was the victim of the malicious SQL injection too. An ethical dilemma, sure, but one easily justified by the ICO, which took the position that “hacking is wrong, but that is not an excuse for companies to abdicate their security obligations”. A precedent is therefore set in the IT landscape: your business has a responsibility to keep its IT and security systems up to date with modern threats and modern compliance standards.

How Safe are you in the Cloud?

Distrust of the cloud isn’t new, and misconceptions about holding data externally are going to be stronger than ever in light of the recent hack. A popular belief is that having ‘control’ of your servers is equivalent to having good ‘security’; the other misunderstanding is that hosting in the cloud means you relinquish all ‘control’. Both assumptions couldn’t be further from the truth.

Microsoft’s Azure cloud computing platform is all about providing you with a host of cloud services, but more importantly the peace of mind that your data and systems are protected. The principles to which Microsoft holds itself and its cloud services are:

Security: Keeping your Data Safe
  • Federating user IDs to Azure Active Directory means only the individuals you want signing into your cloud systems will be able to get in
  • Regular penetration testing (a necessary step to reducing the likelihood of the SQL injection attacks that targeted TalkTalk), intrusion detection and DDoS attack prevention measures
Privacy: Own and Control your own Data
  • Everything you place in Azure is 100% owned by you. It is not used for data mining, and you have access to it at any time and from anywhere (or you can define where you want it accessed)
Compliance: To Global Standards
  • Microsoft conforms to leading data protection and privacy laws applicable to cloud services. These are shown plainly so you can decide whether Azure complies with the laws and regulations applicable to the industries you are part of
  • Country-specific standards are adhered to when possible, to help organisations comply with national and industry-specific requirements which alter and govern the way you may collect and use an individual’s data
Transparency: Know how your Data is Stored and Accessed
  • Microsoft only provides access to customers’ data to its engineers performing key maintenance tasks and upgrades. Access is governed by strict controls, granted to perform the tasks, and immediately revoked upon completion
  • At all points in time you will be able to find out where your data is stored, and under which conditions it’s accessed. You will also be notified if there are any changes to Microsoft’s service. Microsoft even shows you where all its data centres are globally

Protection against external threats and non-compliance

Without a doubt your strategy should be double-pronged. Not only does your organisation need protection from external threats, but you also need to have performed due diligence on your systems so they are fit to securely hold your customers’ data. Failing this is what leads to fines for negligence.

Secondly, cloud technology mitigates a lot of your technology risks by performing much of the maintenance as part of your hosting agreement. Immediate updates to security are made available to all systems as soon as they’re released, and these releases tend to happen more frequently than they would if your organisation were managing its entire IT landscape.

With that said, according to the Cloud Security Alliance, 73% of companies are held back from adopting cloud technology due to concerns over the security of their data. The second most persistent concern (38%) is about regulatory compliance of their data being held in the cloud. Many organisations may have rightful concerns over their data in the cloud, but many of you may also have unfounded fears based on headlines similar to the ones we saw this month.

Get in contact with ClearPeople today if you’d like to talk more about cloud security and regulatory compliance in the Cloud, and we’d be more than happy to discuss the options specific to your industry.
