
Cloud services have been the talk of late within the security industry. Reduced cost of ownership and easy access to data 24/7 have spurred the development of cloud-based solutions, touching every technology type within the security industry, from access control and video surveillance to mass notification systems and fire alarms.

It seems that nearly every technology, from an IP camera to a mobile credential, can leverage the cloud, whether that involves storing data in the cloud or having the system itself reside as a cloud-based application vs. an on-premise server. Still, a few vertical markets have been slower to adopt cloud, including big corporations and the higher education market.

Despite its widespread use and growing adoption, one question remains. Is a cloud-based solution truly cyber secure? For those who are adopting security solutions that reside on the cloud, here are a few questions to address.

Is your cloud-based system cyber secure?
Ensuring that a security system is cyber secure is perhaps one of the largest concerns for any connected device. At the device level, check to see if the product manufacturer has an internal cybersecurity program, where they are continuously addressing cybersecurity threats and issuing patches on a regular basis.

Cloud services should also follow cybersecurity regulations. Two of the biggest providers of cloud services, Amazon Web Services and Google Cloud, subscribe to stringent cybersecurity requirements and best practices. For example, AWS supports 143 security standards and compliance certifications, including FIPS 140-2, which is considered the benchmark for cryptographic data protection.

Third-party verification from independent auditors who review security procedures can also provide cybersecurity assurances. This audit would cover topics ranging from the security of the physical data center itself to infrastructure maintenance and data center operating policies and procedures.

Does your provider have a disaster recovery plan?
Disaster is bound to strike, whether it’s a multi-day power outage caused by a major weather event such as a hurricane or tornado, or general system failure. A data center should have a disaster recovery plan that addresses these potential issues and ensures service continuity.

One important question centers around the location of a data center’s redundant sites. For example, are its data centers located in one geographic region, such as on the east coast, or spread across multiple areas? Having data centers in a variety of locations minimizes risk associated with a regional event, such as a weather event like a hurricane or tornado. It also makes it simpler to fail over, migrate, or serve workloads from different data centers.

A few other areas to address include how data will be protected from loss when backing up files, and how your company will be notified if the data is breached. Understanding these processes, and the procedures the data center would follow, can help to determine whether a cloud services provider is the right one for your business.

Asking these key questions can help to ensure that your cloud provider follows industry best practices for cybersecurity and data protection. Knowing that these provisions are in place can ease the transition to cloud-based solutions and the economies that cloud can offer.

This post was originally published on the Security-Net blog.