In the wake of the now infamous Target data breach, which compromised the credit card data of 40 million people, the hunt for answers continues. Target’s point-of-service system might be to blame, or maybe even overlooked malware warnings. Some even speculate it was caused by a hack leading from an HVAC database into a repository of cloud-based services. Since the breach, Target’s tech chief has resigned and the search for answers is far from over. Cases like this always bring network security to the forefront of the industry’s concerns.
As a potential cloud provider, it’s more important than ever to understand emerging security issues. These five tips for dealing with cloud security should inform how you approach sales and what solutions you offer.
Know the Concerns
Last year, the Cloud Security Alliance defined the Notorious Nine: the nine greatest threats to look out for with respect to cloud security. As a provider, you must be aware of these issues and actively understand how to approach them — it’s in your best interest. By entering a cloud partnership, a business cedes a measure of its control to you. Having a mastery of emerging concerns lets prospective partners know that you understand what is at stake and have what it takes to help diffuse a potentially hectic situation. That said; making sure that you have security responsibilities well defined in your service level agreement (SLA) is a critical part of a productive provider relationship.
Build on the Trust … But Question It
Clients with different levels of IT literacy will have different degrees of comfort with cloud services. For clients who trust wholeheartedly in you to keep them safe from security threats, make them aware of the issues and responsibilities all parties have with respect to security. If a potential client is skeptical, use that as an opportunity to pitch a bundle of services to deal with security risks.
Not All Data is Meant for the Cloud
Cloud-based services are hot right now, but there are still plenty of other places in the channel for growth and success. You’ll be well-positioned if you can move into cloud solutions while still providing and supporting any number of onsite IT solutions.
Know How to Comply
If you’re dealing with clients in government, clients who manage medical data protected by the Health Insurance Portability and Accountability Act (HIPAA), or clients in fields prone to regulation, you’ll need to understand and comply with data regulations on state, local and federal levels. Being aware of these regulations beforehand can save time and money by preventing the migration of data that cannot legally reside on the cloud. It will also prevent the need for subsequent cleanup.
Understand Security Perspectives
Due to the ease with which some cloud services can be implemented, some businesses are moving toward a rogue IT model. This means that IT departments make use of existing cloud-based services without either owning the infrastructure or using a solution provider. While rogue IT solutions are tempting, they offer no ability to address the sort of security breach scenarios that are occurring more frequently. Understanding the pros and cons of this route will allow you to sell yourself as a counterpoint.
Regardless of what services you provide in the channel, you’ll benefit from keeping up on cloud security, and what causes cloud insecurity. If you’re looking for a place to start, CompTIA offers a number of resources to help you understand and enter this growing field. As cloud computing continues to grow, and businesses reticent to adopt cloud-based technology start to come around, you’ll be well positioned to offer solutions. To learn more about cloud security, visit the CompTIA Quick Start Guide to Tackling Cloud Security Concerns.
Kelly Ricker is senior vice president of events and education for CompTIA.
