Transitioning a business network to the cloud is a smart move for most businesses. If it is possible to manage your network and data off-premesis, it is usually advisable because:
- It decreases the need to manage and maintain hardware
- It decreases the risk of employee interference of data and the network
- The cloud offers unlimited redundancy and data backup options
- The cloud offers enterprise-level scalability, with unlimited room to grow.
Public Cloud and Affordability
The perceived primary benefit to public cloud is the price. Public is cheaper than private. At least, that is the hot take. Is ‘cheaper’ worth it, however, with the trade-offs that are made? Because there are trade-offs you should know about. These trade-offs are not usually discussed at length, so we will list them here so that you can make an informed decision. Public Cloud can be a great choice for you, but it all depends on how your business and data needs square with the caveats.
The best-recognized public cloud providers include:
Amazon Web Services (AWS)
For a comparison chart of what is offered between these services, there is a full table compiled by Datamation that can help a business discern which service will be a best fit. In a nutshell, public cloud offers “bundle” deals, and these deals usually include the following network and database solutions:
Artificial Intelligence Services
Function as a Service (FaaS)
Internet of Things Access
It is a pretty impressive list of features. However…
Public Cloud Pros and Cons: Security Gaps
It is important to know that there are other features critical to network security that are NOT typically included in the basic package deals. Most of the ones critical to most businesses are the security applications you need to keep your network safe. These security solutions are still available to you, but they usually involve additional costs.
Storage and Use Regulation Compliance
Different privacy and data protection laws govern different industries. HIPAA governs the healthcare industry, Sarbanes-Oxley covers accounting, and so forth. Whether a public cloud solution has in place all necessary data management regulations is up to the consumer to investigate. There is no governing law or policing entity here in the US that enforces public cloud providers to comply with regulatory standards. The EU has the new GDPR regulations, but there is not yet a parallel regulatory standard for US entities. This is not to say that any particular public cloud provider is going to be lax when it comes to pen testing, providing log and audit trails or business continuity capabilities. In fact, the various public cloud providers are always seeking to best the others with superior service, and even showcase the number of compliance standards and regulations with which they align. But, as with so many things, the devil is in the details of what is offered in the base price. What you must add on, to properly secure your data and network according to your specific needs, often adds extra expense. It is important for the business to have a conversation with the public cloud provider to make sure that all regulatory standards for its industry are met with the service, or if further data protection measures must be implemented. A good rule of thumb is this: If the public cloud service can say they comply with the EU’s GDPR regulation standards, it will be HIPAA compliant, Sarbanes-Oxley compliant, and all the rest.
Firewall, Login Security, and Single Sign-On
When a business invests in a public cloud solution, the business is simply renting space inside the public cloud. All the fixtures come standard. Public cloud has a nice, secure fence around it in the form of a firewall. It cannot protect your rented space within the cloud, however, if you invite in a bad actor.
As information and users leave the gate of the public cloud space, there is no protection. Your business is vulnerable to the bandits on the information highway, so there are additional measures to take that will further protect your data and communication movements between your public cloud space and everywhere else:
This is a critical feature a business should add to any public cloud service it employs. Multi-Factor Authentication verifies the identity of all communicators and network users with strong authentication. This prevents bad actors from hacking into user accounts, by which they could access your network and wreak havoc in your public cloud space.
This is highly recommended. Access control to all software and social systems with a single login credential through a process that maintains security and authentication helps improve infrastructure clarity. Of the public cloud services, Microsoft Azure includes this, but the others do not. Having this feature in place means it is much easier to lock down an account if one becomes compromised.
Public Cloud Offers Great IT Experts and Developer Services, but Privacy Is Compromised
One thing true about public cloud solutions is the size. Everything is big in the Public Cloud. Being big provides a certain ubiquity of developer services, and an architecture that is well supported by data centers around the globe, and with some of the best cyber security experts in the field.
So big, in fact, that the lines become blurred as regards what data is yours, and what it theirs. You are renting space in their place, after all, and putting your information in their property. This is a dangerous situation if that information is proprietary, private, or sensitive.
Facebook and Google are presently in the news with suspicions of data abuse. For the exact same reason, businesses must apply this concern to making a decision about a public cloud solution for their private records.
There are three primary areas of concern:
Once data is moved to a publicly hosted environment, it is very hard to move it out. To completely move it out will have a large price tag attached to it.
There is no guarantee that, upon moving data out of a public cloud account, that the cloud service does not maintain their own copy of that data.
If a set of records is supported by a software that might be changed out for another software in the future, there is no guarantee that the public cloud will support the transfer or the new software, or the move of the data.
DO NOT use a public cloud solution for sensitive records.
For example, EMR medical records, which contain social security numbers and personal medical information,
are not good candidates for storage and management on a public cloud.
When Public Cloud is at its Best
If you are simply storing and managing Word documents, Excel spreadsheets, video and image libraries, and other basic files that are not of a proprietary or sensitive nature, then public cloud is a no-brainer. This is when public cloud is at its best. If, on the other hand, your business requires more sensitive and secure handling of information, then you may need to investigate private cloud options.