When organizations think about using the cloud they often think of accessing file share services like OneDrive or other productivity tools like OneNote. However, enterprise cloud adoption goes beyond these services. The cloud provides for the subscription-based economy to meet a whole variety of enterprise needs, including security.
Some security teams are beginning to move access control and video surveillance software management functions to cloud-based applications. These cloud-based solutions allow them to easily manage their security assets and gain remote access to their software platforms with less dependence on their IT departments.
As organizations are ready to start doing business in the cloud, they can choose from one or more of the following types of clouds:
- Public cloud – refers to a model in which the services are delivered across the internet.
- Private cloud – refers to a model in which that is designed for internal use by a single organization.
- Hybrid cloud – refers to a model in which a company uses both a public and a private cloud
No matter which model you choose, and you may end up with more than one, your corporate data is stored or presented to the cloud.
One potential risk of the cloud is that it may open your data up to threats and malware. Companies that embrace the cloud must understand, manage, and minimize the inherent risks in each cloud model.
Some questions to ask are:
- What certifications and standards are in place to protect you and your data?
- What access control provisions are in place to prevent unauthorized access to your data?
- What type of disaster recovery and business continuity options are there?
- What are the legal and privacy statements giving you ownership to your data and limiting data ownership to the public cloud vendor?
- What communication method is being used?
- How is the on-premises data communicating to the cloud?
- Is the data communication method using secure methods of communications?
Evaluating cloud services based on these measures is important to ensuring success. Failure to do so may lead to loss of data, data control, data privacy and ownership.
Understanding if this technology properly supports the overall business needs of your organizational objectives is also important. As with any strategic operational change, ask yourself these questions:
- Who do I need to interact with the system, who needs to vet it and who needs to approve it?
- What do I need the system to do and what would I like it to be able to do?
- What can’t my existing platform do to meet my needs and desires that the new technology will allow for and what is the value in this?
There is risk to implementing change; there is also risk to remaining stagnant. As with any new technology it is important to perform appropriate due diligence before making a significant migration. The best approach is always a collaborative one between security teams, internal IT resources and knowledgeable third-party security advocates to take a holistic approach on what best supports your organization’s current needs while planning for the future.