News Article
It is a common belief that data is more secure on company-owned servers at an onsite data centre but can Cloud providers offer a more secure environment?
A Cloud provider's business reputation depends on providing a secure environment for hosting third party data. A significant breach would greatly affect user confidence and have a negative impact on the provider's revenue.
Because of this, Cloud providers are investing heavily in security, personnel, software and processes to protect their infrastructure and Cloud users.
They are able to make large investments because they have the customer base to support it. Their level of investment is way above what most companies could put into their in-house security budget, which is generally aimed at protecting against today's threats, rather than researching and protecting against future dangers.
Cloud providers operate dedicated security operations centres, which are monitored around the clock, 365 days a year by teams of experts. Most Cloud providers operate on an "Assume Breach" model and make use of an extensive range of in-house software tools to quickly detect, respond and recover from attacks.
Alongside this, many Cloud providers have teams of security experts whose only job is to simulate attacks on the infrastructure and test their detection and response processes. Even very large companies have limited resources that can dedicate all their time reacting to issues and actively testing and simulating potential threats.
To meet the security commitments they make to clients, Cloud providers rely on rigorous process and security controls. Strict separation of staff roles and even locations exists between those who can access hardware and those who can access data. Entry to data centres is kept to an absolute minimum and staff are monitored at all times. Applying this strict process would be challenging in an onsite data centre.
Compliance is another area in which Cloud providers have invested in heavily out of necessity to win business in regulated sectors. This can save significant time and cost for companies that need to adhere to standards such as Payment Card Industry Data Security Standard or Service Organisation Control.
Gaining even a single compliance certification is a big job for an in-house team and requires staff with compliance expertise. For companies that have a need to be compliant with a standard, being able to use a Cloud provider that has already done the work for them, at least for the infrastructure layer, can be a significant time-saver, both initially and with ongoing certification.
Depending on your business, a Cloud provider may be a more secure and cost effective option for storing your data. Our recommendation is that all businesses should review their own hardware, software and data security on a regular basis and update as when required.
To discuss cyber insurance to meet your individual needs please contact Rees Astley Ltd on 01686 626019 or call at our offices in Market Street, Newtown, North Parade, Aberystwyth or Sweetlake Business Village, Shrewsbury.
Our Offices
- Address: 29 North Parade, Aberystwyth, Ceredigion SY23 2JN
- Phone: 01970 624261
- Email: aber@reesastley.co.uk
- Address: Mostyn House, Market Street, Newtown, Powys, SY16 2PQ
- Phone: 01686 626019
- Email: newtown@reesastley.co.uk
- Address: Sweetlake Business Village, Longden Road, Shrewsbury SY3 9EW
- Phone: 01743 296666
- Email: shrewsbury@reesastley.co.uk