The rapid pace of change in business and emphasis on agility and innovation as makers of success means that digital transformation is a continuous process. However, being in a permanent state of intentional, managed change can tempt some into adopting an “I’ll do it later” mindset, which inadvertently leaves those business unprepared and unsecure.
This is no less true for cloud technology – whether implementing for the first time or migrating to a new solution. In their anticipation to adopt and begin reaping the productivity, flexibility, security and often, cost benefits of the cloud, some companies jump in headfirst without the necessary configuration planning. This may lead to ineffective out-of-the-box investments or plain unsuitable bespoke solutions that quickly need replacing.
Configuration isn’t the most exciting aspect of making a move to the cloud, but it’s important. Simply put, configuring your cloud before – and not after – it’s in use is the lowest risk, highest reward option for every business. Here, we explain four key steps to basic configuration.
- Audit your cloud servers
When we use something every day, it inevitably becomes part of the furniture. This means that we can become blind to the metaphorical dents and scratches, losing that sense of urgency to fix a problem. So, it makes sense to look at things with a fresh pair of eyes.
An audit is a great starting point for getting your cloud provision in better shape and performance. After all, it’s impossible to make effective changes if you’re unaware of what’s wrong, what could be done better and of course, what cybersecurity risks are present.
An audit shouldn’t just look at how your cloud solution is used – but the data it houses, too. Auditing is the perfect opportunity to locate and classify sensitive data that may be spread across your various cloud platforms while undertaking this exercise will also support your GDPR and PCI/DSS compliance (which goes hand-in-hand with cloud setup, given how many cloud breaches are a direct result of poor data protection practices).
- Customise from the get-go
Despite their pitfalls in terms of customisation and flexibility, public clouds are still a popular choice and depending on business needs, may suit you down to the ground. However, even if you’re only using a public cloud for storing archived data, that lack of meaningful customisation can come back to bite you. Click here for the differences between public and private cloud.
Say, for example, you need to access data at the request of a customer, colleague or enquiry, or even in preparation for data migration. This is typically quite a lengthy process when using public cloud services and you may risk not meeting service or compliance requirements, subsequently impacting business agility and customer relationships.
Customisation is far more than increasing accuracy and speed (which are of course, essential drivers of performance and productivity) then. It can have a very tangible effect on service delivery, which is ultimately what keeps customers coming back and your business in the black. So, make sure you work with a cloud provider that can configure your platform to exact needs and predicted use from day one.
- Pin down permissions and privileges
Misconfiguration is to blame for an increasing number of cloud platform security breaches. And don’t just think this means lines of code or complicated algorithms – it could boil down to that age-old cybersecurity fundamental – permissions. Take for example the infamous Capital One data breach, which triggered a major cloud-based cybersecurity crisis.
Due to misconfiguration of Capital One’s web app (based on Amazon’s public cloud infrastructure), a former AWS software engineer was able to access a customer database and leak more than 140,000 social security numbers, one million Canadian social insurance numbers, 80,000 bank account numbers, and an unknown quantity of customer names and addresses.
What truly put the sting into this event, though, was that specialist or insider knowledge wasn’t even necessary to execute the breach. It goes to show that any disgruntled third party could exploit lax permissions and privileges to compromise your business in the worst way.
Setting the malicious aside, innocent colleague errors could result in everything from slow performance and downtime to backup failures and accidental data breaches. Surveys have suggested that personal error is responsible for ever more cloud platform snags – something that could be readily resolved by ensuring that your using a customised private cloud platform which is immediately configured with specific colleague privileges.
- Integrate encryption
Permissions and privileges lead us nicely to encryption. Even if your cloud platform is watertight in terms of which users can and can’t take certain actions, in today’s age of chronic cyberattack threat, the risk of an outside force compromising your cloud (and the data and business applications it stores) has never been greater.
Public clouds are often out-of-the-box solutions which may not automatically encrypt your sensitive data, or the encryption on offer doesn’t mean company requirements or specific compliance standards.
Choosing a private cloud that’s customised to your unique business needs will ensure that should data fall into the wrong hands (as a result of cyberattack or disaster), it remains secure and impenetrable – a relief for your customers too. Briefing encryption when you first start talks with a cloud provider will provide the peace of mind that you’re entirely in control of your data and save you from hastily setting it up at a later date.
We appreciate that knowing how you need to configure your cloud is no straightforward task, so if you need advice or recommendations, why not book a consultancy session with a K3 expert? Just call 0844 579 0800 or click here for more about private clouds.