Is Your Cloud Data Secure? Three Questions You Can Ask Yourself
We dive into some of the key ways you can protect your business’ most valuable asset.
Earlier this month, a massive Microsoft Exchange email service hack shook the tech world. It affected thousands of organizations globally and induced the assembly of a huge US Government task force. CEO of cybersecurity firm TrustedSec David Kennedy called it “literally the largest hack I’ve seen in my fifteen years.”
In a modern, cloud-connected business world, your most precious resource is your data. When you send your data to the cloud via the internet, the road it travels can be exposed to potential hacks, BGP route hijacking, and other cybersecurity threats. So how can you secure the road your data takes to the cloud?
According to Forrester Analytics Global Business TechnographicsⓇ Network and Telecom Survey 2020 and cited in the Forrester Consulting 2021 Cloud Connectivity Buyer’s Guide, just 29% of respondents reported security concerns in deploying and using multiple cloud platforms and environments. This statistic suggests that many businesses may not realize how much more secure they can (and should) make their cloud connections and platforms. Here are three questions you can ask yourself to ensure you’re keeping your precious data as safe as possible.
Are my connections private?
If you’re using public internet connectivity for any part of your data’s journey to, from, or between cloud destinations, one of the most important (and easiest) security issues you can address is how safe your data is in transit. While both private and public connectivity methods come with their own set of risks, it pays to invest in establishing direct, private peering between your data destinations.
Direct, private peering reduces your data’s exposure over the internet by reducing the number of Autonomous System (AS) paths that data has to take to get from point A to point B. Think of an express train that takes your information straight to its final stop, rather than opening its doors at each stop along the way. Then, once your data has completed its journey and is safely with a major cloud provider, it is also often safeguarded under their meticulous security policies and certifications. Megaport is one of the cloud connectivity solutions that provides direct, private peering on an affordable, scalable basis.
Once you’ve established direct, private peering to and from your cloud providers, you can go a step further and look at how your data moves between cloud providers.
Do I have a secure multicloud strategy?
Each time you transport your data, it’s at risk, so reducing its movement is critical. If you can move your data between cloud providers without it needing to bounce back and forth via a midpoint (which is often your on-premises infrastructure), you can reduce its vulnerability. Creating a secure multicloud connectivity strategy, where your different cloud providers can privately communicate with one another without having to constantly traverse the internet, is a great way to protect your data.
Kiwi.com is a great example of a company using a secure multicloud strategy. They deliver door-to-door travel bookings online and their customers average 100 million site search queries and 35,000 seat bookings every single day. For Kiwi.com, this requires a constant reliable connection between their Google Cloud and AWS workloads. This is where Megaport Cloud Router (MCR), a virtual routing service that offers private connectivity at Layer 3, comes in.
By using MCR between cloud providers and platforms, Kiwi.com has simplified its connectivity by privately peering between Google Cloud and AWS, protecting their data and shortening its journey.
Are my cloud connectivity platforms ISO certified?
You’ve probably seen reputable companies excitedly share which ISO certifications they hold, and for good reason: ISO certifications are international standards that specify requirements in areas such as quality management systems and information security management. They’re not just relevant to IT but across nearly all industries.
To get an ISO/IEC 27001 certification for information security management, for example, a company must meet a range of strict technical and legal requirements within its infosec management system, to prove that they have processes in place to safeguard data. An ISO/IEC 27001-certified company must also undergo periodic audits to ensure their continued compliance with the various requirements of the International Organization of Standardization (ISO) and the International Electrotechnical Commission (IEC).
It’s worth taking the time to check if all of the companies handling your data and IT infrastructure have relevant ISO certifications such as ISO/IEC 27001. Megaport has earned the ISO/IEC 27001 certification, and takes care to partner only with cloud providers that share the same values around information security.
With the increase in cloud connectivity comes a natural increase in the complexity of cloud security, and in a time when just about every business is moving application workloads to the cloud, it can feel like there is an overwhelming list of questions to ask. But if you start with examining these three aspects of your connectivity, you’ll be well on your way to protecting your most valued data.
Download Forrester Consulting’s 2021 Cloud Connectivity Buyer’s Guide
If you want to learn more about how to improve your cloud security, or what to look for in a cloud connectivity solution, download Forrester’s 2021 Cloud Connectivity Buyer’s Guide commissioned by Megaport.