Jason Boyle, Director of Technology Solutions at PFH recently sat down with Alex Meehan to discuss the benefits of the Cloud for security driven organisations.
Irish companies are becoming increasingly dependent on the technology they use to do business. But for all the advantages tech brings, it has undoubtedly made life more complicated for the IT professional.
Storage, computing, networking, applications and security — all have to be kept up to date and monitored constantly, taking time and resources away from the core activities of the business. Unless, that is, they’re outsourced to the cloud.
Offloading the operation of key IT assets to third-party providers increasingly means that keeping everything up to date and protected can be someone else’s problem. And according to Jason Boyle, director of technology solutions with PFH Technology Group, there is significant growth in two distinct areas of cloud — infrastructure as a service and software as a service — and some of the main reasons are security and cost.
“What we’re finding is that in each one of those areas, there’s a significant increase in adoption rates, and the primary reason is cost reduction. Now, I know people say the cloud isn’t cheaper than onsite, but it depends on how you quantify costs in terms of administration, overheads and security,” he said.
“The traditional way to view security is to ask ‘is my data secure?’ and ‘can I safely put data in the cloud and know where it resides?’. While that’s a concern, we’re seeing it reducing in importance because bigger risks are being posed, such as ransomware viruses.”
The thinking, according to Boyle, is that these security worries are driving Irish companies towards cloud technologies in order to take advantage of the superior security measures typically provided by the biggest names in the cloud business. Security is a core aspect of the activities of companies like Amazon Web Services, Microsoft Azure and Google — they can marshal resources that the average company can only dream about being able to afford.
“You would expect a mainstream cloud service provider, as opposed to a private cloud provider, to be fully protected so your data should be fully protected. People want to get their atrisk systems off-site because, from the perspective of budget, those types of companies can properly protect their environment versus everything you’re reading about in the media,” said Boyle.
“If you want to be one million per cent sure of your security, then you have to assume you are going to be hit, so you have to take whatever actions you can to protect your data. The reality is that if Azure or AWS got hit with ransomware, then there would be huge ramifications. So if you’re a customer, it’s in their interests from a reputation point of view to make sure you’re fully secure.”
Likewise, using a mainstream software as a service offering such as that offered by Microsoft or Salesforce carries with it an assurance that security is part of the deal, taking it off the hands of the customer.
“You would really expect the provider to have everything in place for you, whether it’s CRM Online or salesforce.com or Office 365 or SharePoint Online — you have a default expectation that they’re never going to be affected because you’d expect the company to be investing in making sure that doesn’t happen,” said Boyle.
When it comes to infrastructure as a service, companies that have servers in the cloud are still responsible for protecting and securing them.
“If you have files on a server in the cloud, and it’s connected to your network and you get hit by a ransomware attack, then that server can be affected. The reality is that it’s not going to affect anything else in Azure or AWS because they’re all isolated, but it is going to affect you,” said Boyle.
“The traditional boundaries of the network are now gone. Once upon a time, that was your firewall and all your traffic went through that and you were like an isolated fort. But now with cloud services, users on the network need more access to different services and so you open up more permutations.”
Add in mobile devices accessing the network remotely and the fact that in reality most companies use multiple cloud providers to facilitate different aspects of their business, and the security situation can become overwhelming.
“You could have your human resources system with one company, your email with another, your enterprise resource planning with a third company and you might need access to all of these. So you need to secure that access,” said Boyle.
This means that, instead of security being a consideration of the firewall, it has become increasingly important to work on protecting people’s identity — securing the individual instead.
“We now recognise the weakest point in any network is usually the user, so managed security services now involves protecting identities and providing single log-on solutions and two-factor authentication — making people productive but also securing them,” said Boyle.
In the aftermath of the WannaCry ransomware attack in which an estimated 230,000 machines in 150 countries were infected and incidents involving Britain’s National Health Service, Spain’s Telefónica and FedEx pushed IT security on to the front pages of international newspapers, protecting company assets has rarely seemed as important as it does now. According to Kieran McDonnell, country manager for Vuzion Ireland, this has thrown a spotlight on the role of cloud technologies in facilitating back-up and disaster recovery strategies.
“It’s made it more important than ever to make sure you’ve got a very good back-up regime in place, and back up as a service is something that a lot of people are starting to ask about, in combination with an active protection security regime,” he said.
“In other words, companies want to know that they’re using really good software to make sure that when they’re doing a proper back-up, it’s backing up just the data of their organisation. That’s a key thing that a lot of our customers are looking for.”