Forecast: Mostly cloudy with a chance of failure

Perhaps nowhere in business, and certainly nowhere in IT, does optimism abound more than it does in a discussion about “moving to the cloud.” Clouds aren’t always puffy, white cottony things dancing against an azure sky. Sometimes they are terrifying storms that have catastrophic effects.

IT professionals know that systems will eventually fail or get hacked and therefore almost always have backup servers and backup data ready to restore after a failure. Somehow, though, this diligence frequently dissipates when planning to move to the cloud.

Remember, “The Cloud” is a marketing term. There is no “cloud”, it is just somebody else’s servers. If you’re thinking of moving your applications or data to the cloud, or even if you already have, you should consider these things:

1. Read your T&C’s: Your cloud provider is probably not responsible for any consequences of a loss of service. If your customer database is (for example) in Microsoft’s Azure cloud services, and something goes wrong, then by the Microsoft Online Services Agreement, the most you can collect from Microsoft is what you paid for the service and, of course, they are not liable for any costs you may incur from losing the service.

2. Backup like you weren’t in the cloud: Clouds fail. If you think that once you are in the cloud you are protected, think again. A group at the University of California Berkeley are so keenly aware of cloud fragility that they have proposed “Failure As A Service (FAAS)” to test large scale outages of cloud services. As they point out, “…the computing forecast for tomorrow is ‘cloudy with a chance of failure.’” The internet abounds with stories of epic cloud failures. Azure was down for 12 hours once on Feb. 29, 2012. Cloudflare, a SaaS company, went down for an hour on March 3, 2013 and took 785,000 client websites with it. It happens, and your business continuity plan needs to cover it.

3. Encrypt everything. What do you really know about where your data is stored and how protected it is from others? A Ponemon Institute report on data breaches revealed that 66 percent of the 613 IT practitioners questioned believed that their organization’s use of cloud resources diminished their ability to protect confidential or sensitive information. Interestingly enough, the same investigation reveals that 51 percent of the same respondents said that their in-house IT was equally or less secure than cloud-based services. In other words, they weren’t satisfied with their in-house IT security, but felt even worse about security in the cloud.

4. Be aware of the “Cloud Multiplier”: The same Ponemon report suggests that there is a “Cloud Multiplier” effect to the cost of a data breach. Their research shows that the cost of a breach of 100,000 records from the cloud would almost double to $5.32 million versus an average cost of $2.37 million for the same size data breach from in-house servers. A separate report by Ponemon identifies “extensive cloud migration” as a contributing factor to the cost of data breaches.

5. Move routine data to the cloud – keep sensitive data in-house. No one cares about protecting your sensitive and confidential data and your trade secrets as much as you do. Don’t delegate protection of company critical information to someone else.

6. Use cloud services for backup. The cloud is a perfect backup location, especially when you need backups in a hurry (like when your system is hit by ransomware), but make sure that your data is encrypted before it is moved to the cloud and make sure your keys are accessible without your primary system being online.

The conveniences that cloud services bring to industry mean that the cloud is here to stay, but those of us who are responsible for the security of our business’s data should be aware of the unique risks of cloud use and make plans for mitigating those risks. Like almost everything that provides convenience in our lives, an overreliance on that convenience can create even greater hardships during emergency situations.
