We hear from many manufacturers that they are still nervous about their data in the cloud. It’s understandable since the data you generate and maintain is essentially your competitive differentiator. So, how can you tell whether a cloud solution will provide the level of security you’re comfortable with?
First, a cloud provider’s sole business is ensuring that your data is not only accessible to those who need it, but also that it is secure. If the provider didn’t do this, they’d be out of business.
Here are additional areas of security that you should look for from your cloud provider:
Complex Layered Security
Make sure the provider’s data center facilities are constructed to withstand disasters and other physical attacks. All data centers should be protected and monitored 24/7/365 and at a minimum require two-factor biometric and keycard access. If the cloud provider also encrypts data while at rest with FIPS-compliant ciphersuites, then you know they take security seriously.
Much like you plan to mitigate risks to your business or your supply chain, your cloud provider should mitigate threats to their systems. Tools like best-in-class firewalls enable classification and inspection of all traffic and assignment of comprehensive security policies. Also, be sure to look for endpoint protection across the provider’s environments that blocks malware, exploits, and zero-day threats.
Security Policies and Procedures
Your potential cloud provider should maintain detailed policies and procedures that are routinely updated to reflect current best practices and threats. It’s important that the provider remain ahead of the curve in terms of their security posture and approach, including incident response plans and staff augmentation in the event of a major security issue. You’ll also want to ensure that the provider follows Center for Internet Security benchmark standards.
Testing should be a major part of the provider’s security practices. Third-party application vulnerability testing on a daily basis provides a constant view into the strength of the security processes and tools. You will also know that the provider is committed to security if they routinely conduct comprehensive quarterly vulnerability testing and biannual third-party manual network and application penetration testing.
The cloud provider can tell you all day long how secure their data centers are, but validation from third parties is much more compelling. Make sure the provider conducts annual audits resulting in SOC 1 (previously known as SSAE 16) and SOC 2 reports that validate proper processes for financial reporting as well as security, availability, and processing integrity. These audits provide further evidence that the provider’s security policies are at or above industry standards.
If the cloud provider does all the above, you can rest assured that your data is secure. If you think about it, ensuring this level of security would be challenging to set up on your own. After all, you’re in the business of manufacturing, not security.
For more details to share with your colleagues on Plex Cloud Operations, download our data sheet.