The term “cloud” for business is sometimes thought of as overused and even diluted. Most companies are already using some form of cloud service but defining the term “cloud computing” can be difficult. Plus, using different types of cloud services mean different risks in terms of security.
“The term ‘cloud’ has become really over-loaded,” said Eric Boyd, director of Brookfield-based Centare Group’s Chicago region and cloud practice. “A lot of the big security issues arise when you are talking about challenges presented by the public cloud, but there are obvious steps you can take to make sure your information is handled securely in any cloud environment.”
According to Boyd and other industry professionals there are a few types of cloud environments that can all be useful for business purposes.
There is the public cloud, which includes platforms such as Facebook, Flickr, Gmail, Hotmail and other online solutions. Public cloud providers can present some security risks for businesses. Boyd recommends being acutely aware of the information stored in those environments.
“The biggest issue with the public cloud space is that you don’t really know who can see your information or where it is being stored,” Boyd said.
There is also what is known as the private cloud and even a hybrid cloud that combines aspects of both public and private cloud environments.
“The private cloud is really somebody’s internal data center handled in a different way,” Boyd said. “A company’s private servers can be located in the company or they can be located in a remote data center. The information stored there is private and is not being hosted by a third party company like Google or Amazon.”
Data encryption is a common practice for companies working in a public or private cloud environment. It has become particularly useful with the emergence of mobile devices for business.
According to Sarit Singhal, president and chief executive officer of Brookfield-based Superior Support Resources Inc., there are a couple of major concerns that companies should be aware of when storing information in a cloud environment.
“In a private cloud environment it’s important for business owners to designate who has access to what information,” Singhal said. “Businesses have the capability to not only designate who has access to what. They also can, and should, create varying levels of access for specific types of information. A lot of big security risks come from inside the company.”
Companies also should take action when employees no longer work for the company to revoke their access to all networks, he said.
Individuals should also be coached on their use of passwords, Singhal said.
“We all do it. We use the same two or three passwords for every login because we don’t want to or can’t remember them,” he said. “Some of the major compromises to data happen because someone gets a hold of a password and login and they test it in a variety of different cloud environments.”
Singhal recommends the use of password manager software so individuals can use multiple passwords for business and personal use without the fear of forgetting, he said.
When working with a third party to set up or host your company’s cloud services, it’s important, according to Singhal, to know the individuals who will be working with your data.
“It’s important to know who will be seeing or have access to your data,” Singhal said. “It’s ok to ask your providers who will be handling the support on your network and what their hiring practices are in regards to certifications and background checks. If the data is encrypted it’s important to find out how that data will be protected as well.”
Businesses need to be comfortable with where there data is going to be, Boyd said.
“Information and data can sometimes be a business’s intellectual property and it should be treated as such. If a company isn’t comfortable putting some type of information on the cloud there are ways to do a public/private hybrid with a bridge that could help the company start down the path of having a fully cloud-based system.”