To get an insight into how cloud security works, we talked to our resident expert Videsh Juggernarth.
Cloud servers on average have high security levels which are set by original equipment manufacturers such as Microsoft, Unify, Amazon, and Google. They create the various products and services which service providers such as Nashua Communications provide. Original equipment manufacturers (OEMs) and service providers alike make sure that there is a basic level of insulation in place at all times, this refers to the basic level of security that is implemented when moving an organisation to the cloud. This basic insulation can be adapted or strengthened according to the customer’s specific security requirements. For example, a financial services company will have more stringent security requirements when compared to a retail organisation, even though they use the same cloud service.
There are many elements to cloud security such as securing your tenant, compliance, antiviruses, advanced threat detection, and so on. In the modern workplace you additionally have components of collaboration, communication and devices through which your cloud software is accessed. On top of these components, you additionally have your security and compliance layer. The security and compliance layer is essentially how you secure your cloud environment and is an area that customers regularly wonder about. Today we talked to our expert Videsh Juggernarth to pull back the veil and give you a glimpse of how your data is secured in the cloud.
What are the security protocols that protect the cloud servers?
Due to the nature of the industry (namely that the cloud environment is prone to threats and is constantly under attack), OEMs make sure that they are always on the ball and up - to - date in terms of security measures that they have in place to counteract these threats. They have teams that detect the threats and correct any issues that may arise before the end user even realises that there is a problem. Their security solutions are constantly evolving and OEMs make sure that service providers such as Nashua Communications uphold their stringent security protocols. Nashua Communications also makes sure that the security measures they have in place meet industry standards ensuring that consumer data remains secure at all stages within the cloud.
Security starts with securing the customer’s environment and infrastructure and then becomes a matter of protecting the data. There are essentially two components which the OEMS and Nashua Communications adhere to when considering the protection of user data - the European General Data Protection Regulation (GDPR) and the South African Protection of Personal Information Act (POPI or POPIA). GDPR and POPI are similar and seek to ensure that data is protected. GDPR came into effect in 2016 while POPI will come into effect in 2020.
Nashua Communications ensures that its customers are GDPR compliant and when POPI is launched in 2020, all customers will have most of their compliance in place since the two are not very different. Becoming POPI compliant will entail a simple addition to the customer’s security layer.
Is it safe to share data infrastructure with other customers in the cloud?
Yes. Cloud technology still relies on physical infrastructure for example data centre facilities and hardware. Using economies of scale, cloud providers can acquire the best built-to-order data centres with physical protection and continuous monitoring that is not feasible for smaller solutions. The size of the cloud providers also gives them more clout with vendors over security practices. They also use their market size to standardise hardware and firmware implementation with their vendors.
While multiple tenants may be using the same physical infrastructure, cloud architectural design is robust enough to separate their data. Each tenant is provided with data-at-rest, data-in-transit and end-to-end encryption. Tenant-specific solutions like Active Directory can also add an extra layer of security.
Can sharing the same data infrastructure in the cloud with other customers affect my data?
With multiple tenants sharing the same cloud service, there is a natural fear of co-mingling. Co-mingling is an issue when multiple tenants share an application stack or when cloud providers store data from multiple tenants in the same database table-spaces and backup tapes. Customers often worry that their data could be corrupted or destroyed by other customers on the cloud. This is one of the areas where service providers like Nashua Communications offer extra security by providing:
- network access control and segregation
- network filtering to prevent spoofed traffic
- traffic flow policies on devices
- restriction of inbound/outbound traffic through ports and protocols defined by the customer
How compliant are cloud providers to South African data protection and privacy laws and regulations?
Cloud providers are careful of abiding by laws with regards to data and its protection. In many cases, South African cloud service providers such as Nashua Communications, follow standards which are set by the OEMs by default. This is in order to maintain the security levels and service level agreements (SLA’s) which have been set by international bodies surrounding GDPR and POPI. This also ensures that all data is protected in the same manner irrespective of where the data may reside.
How does partnering with Nashua Communications increase my security?
There are three phases to getting to a full solution namely:
- driving value
Any partner can on-board a client onto a cloud service. The difference with Nashua Communications is that they do a full turnkey solution from enablement right up to adoption and securing the installation and deployment. Thanks to its decades of experience, Nashua Communications is able to understand the customer’s environment better than any other provider out there. They know where the blind spots are and what compelling challenges occur in that environment. Their insights into the customer’s environment allow Nashua Communications to create a baseline for security and build it from there according to the customer's needs.
How is data traffic treated? How does the system differentiate between legitimate data traffic and malicious data traffic?
When dealing with data and differentiating between the different types of traffic, OEMs and service providers alike have software-as-a-service (SAS) systems in place. These systems allow for OEMs and service providers to scan all incoming and outgoing data traffic to establish whether or not the data is safe or malicious. For example, if an incoming email is flagged and seen to be malicious (virus, spam etc.) it is:
- separated from the main data stream and quarantined before it enters the customer’s environment.
- a notification will be sent to the customer alerting them to the threat.
- based on the threat level of the quarantined item it is then cleaned or rectified and sent forward to the user after a notification has been sent informing them of their compromised data.
So as soon as the system flags data as dangerous, it is quickly removed and isolated so that the infection does not affect the rest of the data residing in the cloud. Note that the OEM (Microsoft, Amazon, Google etc) takes full responsibility for all your security and your service provider such as Nashua Communications augment security services is responsible for administrative security functions.
What levels of encryption are used in the cloud?
As mentioned earlier, OEMs and service providers give cloud service users basic levels of encryption which can be bumped up if the user needs higher levels of security. There are various levels of encryption and security that come into play when it comes to data that is being stored on the cloud depending on how sensitive the data is.
OEMs expect service providers, such as Nashua Communications, to adhere to the strict rules that they have in place when it comes to safeguarding data. They also expect service providers to also use the comprehensive encryption used by the OEMs. The level of encryption additionally relies on the customer’s needs. Massive organisations like government entities which handle highly sensitive data may need levels of encryption that are far above those for an SME.
Why should I choose Nashua Communications as a cloud services provider?
Nashua Communications provides a complete end- to- end service. They stay with the customer and guide them every step of the way. They make sure all the solutions that are installed are done soto a standard that meets the international security protocols set out by the OEMs that Nashua Communications partners with. Nashua Communications prioritises understanding exactly what it is that a customer needs. Through the application of their vast experience they assist organisations in implementing solutions that uphold OEM security standards while also making sure that all the solutions they implement are safe and security measures are kept to the highest standards, Essentially, they provide full turnkey solutions which refer to comprehensive end - to - end solutions that incorporate a base level of security which customers can improve if they see fit.
Do you want to know if your current cloud security measures are up to scratch? Get in touch by clicking below and we’ll help you find out.