How to build a safe cloud

1 Start with hardware

Ensuring a trusted and stable framework is in place should be the priority, beginning with securing the hardware. Cloud providers will differ in their management practices and procedures, and in order to establish that these guarantee your data’s safety, it is recommended to undertake an independent security audit of the cloud host.

The Service Level Agreements for availability of Reputable hosts' will be in excess of 99.9%, any less and protection could be severely compromised, while support needs to be guaranteed indefinitely. Ensure auto fail-over for hardware failures and consider adopting multiple instances of critical services.

Monitor and manage capacity so that additional hardware can be added long in advance of it being critical. If and when new or additional hardware capacity is needed, make sure it can be added without disruption.

Next Step

2 Plug and Protect

The security of any cloud system is only as good as the user authentication system. Ensure that user log in is protected by strong authentication procedures.

Ensure that the policies for these procedures and the protection of any password files are robust.

Make sure that stakeholders only have access to the resources which are necessary to their role.

Next Step

3 Know your software options

Bespoke software can present security risks – such as SQL injection and cross-site scripting attacks that can allow attackers to gain access to systems. It is important to establish a robust software development life cycle so that potential security errors can be remedied early in development and detected before they are deployed to the live environment.

Virtualised machines can run applications inside a contained environment so that additional software and data are unaffected in case the application malfunctions.

Software does require maintenance and the application of occasional patches. Procedures need to be in place to ensure that any modification to software is authorised and does not affect the integrity or availability of the system.

Next Step

4 Control your data

Data protection laws differ between jurisdictions; thoroughly research and identify the regulations that apply to your situation. Current legislation does not allow European nationals’ data to be hosted outside of the EU for example. Make sure that you are aware of the legal situation of the data which you process and how this relates to the laws of the jurisdiction where any data processing will take place.

Encryption is vital to secure data. Ensure that data is appropriately encrypted at rest and in transit. Also make sure that data is backed up and can be rapidly restored when required.

Rogue employees at data centres may cause concern - are they likely to take a backup of your data without permission? An independent security audit will allay such fears - rigorous procedures should be in place to prevent employees from leaving keys on virtual servers and making data accessible.

Hardware failures do happen. Cloud systems should ensure that data is replicated across different storage devices, so that the loss of any single device does not result in the loss of data. This hardware redundancy means that the cloud is ideal as a platform for backing up network connected systems.

Next Step

5 Address your vulnerabilities

The architecture of the system should take into consideration that sophisticated attackers may seek to penetrate or disrupt the functions of the system. Correctly configured firewalls may keep out some attacks, but denial of service attacks may require that some parts of the cloud service need to be isolated to protect the entire system.

Ensure that you know exactly which services are being accessed from the cloud and that these services are configured to prevent unauthorised use.

Install monitoring software to identify malicious files within the system and to swiftly alert staff to take action in case of a potential compromise.

Next Step