What you should know about IaaS security27 March 2017
Security is a central issue in most conversations about infrastructure as a service or any other form of cloud computing. Choosing a cloud solution entails an organization handing over some degree of control over how it manages its company data and IT resources. Accordingly, it is natural for administrators and their teams to be concerned about the safety of the cloud platform in question.
However, there is a precedent for IT decision-makers to come around on cloud security assurances. Microsoft Office 365 and Salesforce - the two most prominent SaaS offerings in the U.S. - both became enormous businesses for their respective vendors thanks to high levels of trust from enterprise users. Both applications proved to be more scalable, flexible and cost-effective than the corresponding on-premises alternatives.
For enterprises, IaaS is still behind SaaS in terms of adoption. A North Bridge Venture Partners survey found that between 2011 and 2014, SaaS uptake surged from 13 percent to 74 percent of its respondents. But only 56 percent were using IaaS in 2014. Concerns about security could be a major reason for this gap.
How secure is IaaS?
Many security-related qualms are as much about unfamiliarity with cloud technologies and best practices as they are about actual weaknesses in IaaS architectures. For example, IT research firm Gartner once estimated that through 2020, 95 percent of cloud security failures would be due to customer error. As a result of this trend, Gartner predicted that cloud access security broker services would become more popular as organizations seek to ensure a safe connection to the public cloud.
In assessing the security of an IaaS solution, it is important to focus on several distinguishing features:
1. Physical security
This term refers to the safety of the actual facilities in which the IaaS assets are housed. Are they properly shielded against intrusion? Are video surveillance cameras in place to monitor the premises? Are there proper access controls to block unauthorized personnel from entering? IaaS is only as good as the infrastructures it runs on, so these are important questions to answer before committing to it. Look for a Tier III or better hosting environment.
2. Data protection
Protecting company information is essential not only to the integrity of the organization, but also to complying with applicable rules and regulations. The identifiers to look for here include SSAE 16 (SOC-2) certification. SOC-2 demonstrates that a system is appropriately:
With SOC-2 assured, regulatory and statutory compliance is greatly simplified. This saves the cloud customer time, as well as money that would have otherwise gone toward checking off items on a list and double-checking that everything was in proper order.
Downtime is a major issue for all IT organizations. For almost all of them, an hour of downtime will cost at least $100,000, according to a study from the Rand Group. As such, it is crucial to have IaaS that is supported by redundant facilities, so that failure at one site can be offset by uptime at another. Data recovery and ready-state system replication provide excellent peace of mind that your IaaS platforms are robust enough to withstand technical hiccups and natural disasters.
"Downtime is a major issue for all IT organizations."
UbiStor solutions for secure IaaS
At UbiStor, we offer a wide variety of IaaS solutions that offer top-notch security, redundancy, and consistency. We will help you obtain only the safest infrastructures for running your IT workloads. Find out more today on our main IaaS page, and be sure to contact us directly with any questions.
Go back to Industry News