Is the Cloud Safe? Ultimately, it falls on the business to ensure the security of their data, even in the cloud.

Kevin Binnie Director, Product Management and Marketing CopperTree Analytics

According to a recent RightScale survey of over 1,000 IT professionals, 95% of businesses are using the cloud. Energy Management Software is a popular example in the building automation industry.  Amazon Web Services is continuing to hold pace at a 64% year-on-year growth rate. The public cloud market overall is growing at a Compound Annual Growth Rate of 19.4%, according to Forbes. Yet one of the most common questions about cloud-based analytics is, “is the cloud safe?” The question is certainly valid and it can have several implications.

1. Will it support me as my needs grow? Organizations often take a conservative approach to new technology, for example, they might only apply analytics to one building even though they have hundreds of buildings, so the natural question is, “will your solution grow with my needs?” Ideally the solution provider ought to be able to explain how their solution both scales up (scaling the entire solution by adding more memory and computing power) and scales out (individual components within the solution can be scaled to meet needs). See the Wikipedia article on scalability for a more detailed explanation of scaling.
   

2. Does it Support my Business Continuity Requirements? Perhaps a bigger concern for most organizations than hacked data is lost data. Here are a few questions to ask when selecting a cloud services provider: Is there redundancy in the HVAC climate control? Is there a Pre-action fire suppression system containing fires by zone and limiting the distribution of water? Are there dual redundant power and dual redundant UPS power backups at each rack? For prolonged grid failure is there independent generator power for backup? Is there Network and application monitoring and analytics systems that report on the data center, hardware, networking, capacity, ports and applications in the data center?
   

1. Is it Secure? Most people think about security concerns when they think about the safety of the cloud. The Department of Defense, arguably one of the most sensitive organizations when it comes to data, lists over 20 providers that are authorized to provide secure cloud services to defense agencies and the military. The CIA is already using Amazon Web Services (AWS) for its intelligence needs. Still, there are several points of vulnerability to consider:

• Physical Security. Part of the risk of cloud-based solutions is that they are holding your data in the cloud. How are they managing the physical security of that data? At the very least, consider asking about the presence of security cameras inside and outside the facility, camera images being archived for at least 90 days, proximity pass and biometric scanners at access points, intrusion detection sensors, an audible alarm system, steel doors and a two stage man trap, individual locks on computer racks, an access control system that is locked in a secure room accessible only by authorized personnel, a manned and monitored security desk, and security systems monitored 24/ 7 by both the on-site and off-site staff.
  

• [an error occurred while processing this directive]Network Security. There are two considerations around network security: secure connectivity from the building to the cloud and secure traffic at the servers once there. When asking about the security of the connection to the cloud, ask about the device that is sending the data from the building to the cloud: is the user interface accessible for the transfer device accessible locally or remotely or both? Is the operating system that it runs on secure? If there is an Application Programming Interface (API), is it secure? Once the data is being sent to the cloud, how many ports are left open? Is there two-way or only one-way traffic? Clearly, if the traffic is only designed to travel from the device to the cloud, it’s a lot less vulnerable. Is the connection itself secure by VPN? Once at the cloud servers, can the provider guarantee no single point of failure? Are individual customer’s traffic isolated on separate VLANs? Is there separate layer 3 traffic? Are layer 2 traffic segments ever shared?
  

• Cloud Security. What protocols are in place to ensure that the cloud provider’s servers aren’t vulnerable? A well-known security breach is that of Apple’s iCLoud, where third-party software is suspected to have been used to steal celebrity pictures, some of them personal and intimate. According to Edward Ho, President of Systems and Software, “the breach was a result of vulnerabilities in Apple’s password security system, enabling persistent hackers to guess the passwords and security questions of select users. The cloud itself was never actually breached.”
  

• Ultimately, it falls on the business to ensure the security of their data, even in the cloud. The biggest vulnerability is the password individuals in the organization choose for accessing the data. A few simple precautions can go a long way to make it harder for hackers to break a password and gain access to data, such as requiring that access passwords be a combination of letters, numbers and characters with at least one capital letter, and reminding users not to draw on the familiar to create passwords. Social media has made it a trivial exercise to find your spouse’s name, your pet’s name, your favorite sports team and where you like to eat.It’s true that we live in a world of challenging security risks, but a thoughtful approach to selecting and implementing a cloud solution can reap rewards far beyond the risk.
  

To find out more about CopperTree and how we deal with security for our SaaS analytics, download our security brochure and contact our sales department if you still have questions.  For more information, click on the following link: https://goo.gl/Ii4GlA

About the Author

Kevin Binnie is the Director of Product Management and Marketing at CopperTree Analytics, where he leverages over 20 years of experience in product management, marketing, mergers & acquisitions, and new market development to develop and deliver software services that help companies to realize their building’s potential while reducing their environmental impact and creating better spaces for people to live, work and play.