Cloud Computing and Securing Your Data
As cloud computing continues to grow, the case for eschewing a traditional framework of purchasing and maintaining hardware to run business applications grows stronger each day. In moving to the cloud, businesses no longer have physical access to the hardware, which provides clear benefits in that they don’t have to maintain or update it.
However, using the cloud for website-related applications requires a strong focus on security – particularly control panel access, data security, and backups.
Control Panel Security
Cloud computing starts and ends with the control panel. For Amazon Web Services (AWS, the leader with 94% of the cloud computing market), the first step to building your infrastructure is creating a console account. The console account begins with the “root” user. The root user has access to all aspects of the account including billing, service creation and I.P. address creation and deletion.
Restricting access to this account is the first step in securing your business. The root account should be created, assigned a strong password and then used only for tasks such as updating billing information.
Once you’ve secured your root account, the next step is to create an administrative account. This account will have access to the creation, suspension, termination and modification of hosting services, however it doesn’t have access to fully terminate the account. Other account types should be created with the limited permissions required for billing and customer service.
When you have no physical hardware access, it’s important to restrict entry only to those who need it and only to the specific functions they need. One final critical step is to enable Multi-Factor Authentication (MFA), a service that is synchronized with an app on your phone. When you login, the website requests a special number from that app. Only people with physical access to the app are able to login, for an additional layer of security.
Ensuring the security of data has always been important, but in the cloud it takes on additional urgency. Security begins with trusting your cloud service provider. What is their policy on customer data privacy? If you’re not certain about the safety of your data, consider moving to a larger cloud provider such as AWS or Microsoft Azure.
It is good policy to limit access to company data only to employees with a specific need. With physical hardware, you can physically wire servers together to control transfers. Conversely, with the cloud you can’t account for the route your data will take between servers, making it more likely to be intercepted. Therefore the safest option is to encrypt all data transmission between servers.
Finally, it is good practice to employ a firewall, only allowing access into your network from specific locations.
Backups and the Cloud
An oft-overlooked aspect of security is backups; some companies build large databases of information but neglect to back them up. Keeping onsite and offsite disaster recovery backups is critical to continuity planning in the case of an outage or data loss.
In the event of a disaster, if you had physical hardware, you could attempt a recovery from it. With cloud hosting, you have no such access. The solution is to create nightly database exports and incremental file backups for small data loses (i.e., accidentally deleted files). Establish an offsite backup routine such as placing server snapshots into the AWS S3 cloud. With a little planning, you can establish an automatic backup system that will protect your data and ensure business continuity.
Cloud security and hosting for websites and related applications requires detailed planning and implementation. Contact us if you have any questions or check back as we add more blog posts.
Why Host Your Magento Store on the Amazon Cloud
Hosting a Magento Website on the Amazon Cloud
Managed Hosting Overview
Managed Hosting Configurations & Options
Does Your Business Need a Global Enterprise Hosting Solution?
Multi-Region Websites: Geolocation for eCommerce