As businesses move their IT solutions to cloud based services, they must accept a paradigm shift in many of the security models that they have simply taken for granted for so many years. Moving critical services and data outside the physical confines of the data center means letting go, trusting others to safeguard the critical data, and to securely provide the services business counts upon to function. If your company is considering a cloud based service, here are some of the changes that will come with that.
You are no longer in control
Your service provider is. You can open tickets, and escalate issues, and contact your account manager, but at the end of the day, you are one of many customers, and your service provider has their own processes and procedures that they will follow, and they can’t and won’t bend or break any rules just because you are in break-fix mode. Things like firewall changes, that could be done in a few seconds, may take hours or days to wind their way through approvals and change control. Service providers can move very quickly in an emergency, but your failure to plan does not constitute an emergency to them, so be prepared for longer lead times.
You cannot just touch it
There’s something comforting about being able to go into your data center and touch your servers, to log on to the console, and to review the logs. You won’t have that level of access to a cloud solution, so you need to be prepared for less access, and the feeling you’re disconnected.
You won’t always know who is touching your data
When your resources are on site, you know exactly who is doing what to your data. You interviewed them, did their background checks, and work with them every day. Your cloud service providers personnel are faceless and nameless, and that can be a challenge for those with trust issues. Make sure you understand your provider’s hiring practices, and are willing to accept that sometimes there’s going to be access from generic accounts.
Audits are on your providers’ terms
Reputable service providers will maintain compliance with all the regulations and standards, and will be independently audited for the key security accreditations. They usually won’t be willing to open their doors and spend time with your auditors. Make sure that your service provider complies with whatever legal or regulatory requirements you are obliged to meet, and that any external agreements you have with customers will accept this.
If your business is considering a move to the cloud, discuss these amongst your team, and make sure you are comfortable with these changes, and are willing to accept them. Processes will need to change, and so will mindsets. Change is good, you just need to understand it and know what to expect.
About the Author: This article was written by Casper Manes on behalf of IT Channel Insight, a site for MSPs and Channel partners where you can find other related articles to managed IT services