So far, we have covered the physical security of our datacentres and the operational security needed to run them and care for the data stored in them. Next we discuss network security essentials.

When discussing overall data security, the conversation typically shifts to network security because it is arguably the most vulnerable point of a system. When a datacentre or server is connected to the Internet and goes online it creates an entry point to your applications and data for the billion or so Internet-connected people and devices.

But with a good understanding of network security, there’s no need to panic. So let’s cover the tenets of network security.

As I’ve mentioned before, each layer of security (physical, operational, network and application) builds upon the other and it’s important to note that good operational security will mitigate some risks associated with your network. The latest OS patches, daily antivirus definitions, disabled or secured administration accounts, locked down firewalls, disabling of extraneous services and overall server hardening are all important for reliable and secure cloud service—and the SAS 70 and ISO 27001 certificationswe discussed last time will go an extremely long way to assuring you that your cloud service provider is protecting your data.

When asking how someone accesses company data through the network, HTTP/S, SSL, TLS and IDS are all acronyms that you should be familiar with.

HTTP stands for the Hypertext Transfer Protocol and it’s the standard that most websites use, however there are occasions when the server and the browser must communicate securely such that all data sent between the server and the end-user is encrypted, and that’s called HTTPS, or Hypertext Transfer Protocol Secure. HTTPS can use a variety of cryptographic protocols (ways to encrypt and decrypt data securely) such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS). To make a long story short: all sensitive information or data should be secured over an HTTPS connection. Otherwise, anyone on the same network as you (including wireless networks!) will be able to see all traffic you send to and from the service.

HTTPS isn’t enough; determined hackers are devious and will go to great lengths to probe your network for potential vulnerabilities. Servers that aren’t properly patched can be a weak point if hackers attempt to “sniff” network traffic or overwhelm a service with distributed denial of services (DDoS) attacks.

This is where IDS, or Intrusion Detection Systems, come in. IDS try to separate out genuine traffic from malicious traffic in order to keep a service running optimally and securely. Think of IDS like a home security system: they help to prevent burglars from getting in and if intruders do manage to get in, you are immediately alerted.

Be sure to ask your cloud service provider how all of this is handled: is traffic securely encrypted? Are firewalls locked down? Is network traffic monitored for potential intrusions?

The next and final topic will be application security.


Request a Demo
trillatron

© 2006 - 2019. All Rights Reserved.