To the extent that they understood it at all, corporate executives have often regarded talk of deploying critical business applications and data in “the cloud” with suspicion: “How,” they asked, “do we guarantee security when our applications and data are in someone else’s data center, not ours?”
It’s a fair question. It’s easy to assume that giving custody of your data—among your most valuable assets—to some nameless, faceless server farm somewhere in the cloud is inherently less secure than when it’s safe at home in your own data center.
But with careful design, configuration, and monitoring, hosting your data and applications in the cloud can in fact be much more secure than doing so locally.
The term “cloud” means different things to different people, so let’s review some of the terms and technology around cloud hosting.
First, “the cloud” is not “the internet” or “the World Wide Web.” The best way to think of “the cloud” is that cloud-based applications behave the same way that desktop applications do; the user should neither know nor care that the computational heavy lifting and data storage are actually occurring on a server in a building in another state or even another country.
In a typical cloud setup, a business purchases services from a cloud provider. Two of the most prominent cloud providers are Amazon Web Services (AWS) and Microsoft Azure. Services can take many forms, depending on the business need. Some examples include:
- Database hosting
- Application hosting
- File system hosting
- Web hosting
- Network infrastructure hosting (such as firewalls, virtual private network services, and wireless access controllers)
- Security services, such as web filtering and spam control
When you sign up for cloud services, you typically get one or more “virtual servers.” A virtual server is a server that is defined in software, and usually shares hardware resources (such as CPU cores, memory, and disk space) with other virtual servers. The virtual server model increases efficiency by minimizing the amount of time that hardware resources sit idle.
Advantages of Cloud Deployment
At AndPlus, we often recommend that our clients use a cloud model to deploy the applications we build for them. There are numerous advantages to cloud deployment:
- High availability. You can configure your cloud deployment so that in the unlikely event of a virtual server failure, another server can seamlessly take over.
- Backups. Cloud service providers offer backup services—no need to fuss with local backups to tape or keeping tapes off-site.
- Disaster recovery. If some disaster befalls your premises, your data and applications are safe and available when you are ready to continue business.
- 24-7 support. AWS and Azure provide round-the-clock technical support, with contractual uptime and issue resolution commitments to get you back up and running promptly if anything goes wrong.
To return to the question of cloud security: How can the security of your business-critical apps and data be maximized in the cloud? At AndPlus, we recommend one or more of several possible approaches:
- Whitelisting IP addresses. With this approach, the only people who can access the server are users, such as the development team and the client, who connect from specific external-facing IP addresses. In addition, you can set up the database server so that only the application server can access it.
- Encrypting databases at rest. Even if someone somehow managed to break into the database server, unless the database was in use at the time, the data would be encrypted and therefore useless.
- Load balancing. This strategy can mitigate distributed denial-of-service (DDoS) attacks.
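
The whitelisting approach above can be checked mechanically. The following is an added example, not AndPlus's or any cloud provider's code: it audits a set of inbound firewall rules and flags any rule that admits more than the approved client addresses, or that lets anything other than the application server reach the database. The rule format, tier names, ports and addresses are all constructed for illustration.

```python
import ipaddress

# Constructed sample data: documentation-range addresses, hypothetical tiers.
ALLOWED_CLIENTS = [ipaddress.ip_network(n)
                   for n in ("203.0.113.10/32", "198.51.100.0/28")]
APP_SERVER = ipaddress.ip_network("10.0.1.5/32")

RULES = [
    {"tier": "app", "port": 443, "source": "203.0.113.10/32"},
    {"tier": "app", "port": 443, "source": "198.51.100.4/32"},
    {"tier": "app", "port": 22, "source": "0.0.0.0/0"},     # open to everyone
    {"tier": "db", "port": 5432, "source": "10.0.1.5/32"},
    {"tier": "db", "port": 5432, "source": "10.0.0.0/16"},  # whole subnet
]


def covered(source, approved):
    """True only if every address in `source` lies inside an approved network.

    A subset test, not an overlap test: a rule that is wider than the
    allowlist must fail even though it contains approved addresses.
    """
    return any(source.version == net.version and source.subnet_of(net)
               for net in approved)


def audit(rules, allowed_clients, app_server):
    """Return (tier, port, source, reason) for each rule that breaks the policy."""
    findings = []
    for rule in rules:
        source = ipaddress.ip_network(rule["source"], strict=False)
        if rule["tier"] == "db":
            approved = [app_server]
            reason = "database reachable from hosts other than the application server"
        else:
            approved = allowed_clients
            reason = "application server reachable from a non-whitelisted address"
        if not covered(source, approved):
            findings.append((rule["tier"], rule["port"], rule["source"], reason))
    return findings


if __name__ == "__main__":
    for finding in audit(RULES, ALLOWED_CLIENTS, APP_SERVER):
        print(*finding, sep=" | ")
```

Run against an export of the real rule set on a schedule, a check like this catches a temporary "allow all" rule that was never removed.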
There are other security options available as well. Even the cloud providers themselves don’t have access to your virtual servers (unless you let them). On top of all that, the cloud providers have Pentagon-tight physical security and multiple physical locations to ensure continuity in the event of a disaster at one of their sites.
Building this kind of security independently, or buying it separately from a third-party provider, would cost a fortune, but cloud services can provide it for an incremental cost as part of the subscription. Far from being a gaping security risk, cloud hosting can provide a better, more cost-effective security environment than hosting in your own data center.
At AndPlus, we are always looking for ways to maximize value for our clients, and the cloud is an increasingly attractive option. Call us today to explore options for your business-critical applications and data.