Our customers ask great questions. Here are some of the more common ones. If you have any other questions we can answer for you, please don't hesitate to contact us today.
There are two broad categories to consider regarding security of cloud services: security of the cloud, and security in the cloud.
Cloud platforms like AWS, Google Cloud, and Azure are responsible for security of the cloud. This means that they ensure the facilities, hardware, software and networking in which their services run are secured. The customer, by contrast, is responsible for security in the cloud. This means that after the cloud platform provides us with resources to use, we are responsible for keeping our applications and data secure. We do this with sound cloud architecture using encryption in transit and at rest, secure passwords, network ACLs and security groups, proper authentication and authorization, etc.
There are several different kinds of cloud storage. In all cases the customer is responsible for securing access to the resource where the data is stored. Any computer system can be accessed by unauthorized entities if not secured properly.
For example, in S3, an object storage service in AWS, the customer must ensure that public access is turned off and that there is an effective policy attached to the S3 "bucket" that grants specific actions to specific systems or individuals based on the principle of least privilege. This means that you provide an individual, role, group, or system with only enough permissions for the actions that role will actually need. Never use wildcards in policies because this will almost always grant more access than needed. In EFS, a block storage solution, the endpoints that connect the volume to your EC2 instances should be secured with security groups. The EC2 instances themselves should also have security groups protecting their network interfaces, and logging in to the instance should be secured by SSH or similar. Keep your SSH keys safe!
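An added example, not part of the original page: a small Python check over an S3 bucket policy document that flags Allow statements with a wildcard principal or action, the pattern the paragraph above warns against. Both sample policies, the account ID, the role name and the bucket name are constructed placeholders.

```python
import json

# Constructed sample policies; account ID, role and bucket names are placeholders.
BROAD = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "TooBroad", "Effect": "Allow", "Principal": "*",
    "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*"
  }]
}""")

SCOPED = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "ReportReader", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/report-reader"},
    "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/reports/*"
  }]
}""")

def as_list(value):
    """Policy fields may be a single value or a list; normalise to a list."""
    if isinstance(value, list):
        return value
    return [] if value is None else [value]

def principals(stmt):
    p = stmt.get("Principal")
    if isinstance(p, dict):  # e.g. {"AWS": [...]} or {"Service": "..."}
        return [v for vals in p.values() for v in as_list(vals)]
    return as_list(p)

def find_wildcards(policy):
    """Return (Sid, finding) pairs for Allow statements that use wildcards."""
    # Resource is not checked: object ARNs normally end in /* to cover a prefix.
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        if "*" in principals(stmt):
            findings.append((sid, "wildcard principal"))
        for action in as_list(stmt.get("Action")):
            if "*" in action:
                findings.append((sid, f"wildcard action {action}"))
    return findings

if __name__ == "__main__":
    print(find_wildcards(BROAD), find_wildcards(SCOPED))
```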
As per the AWS Shared Responsibility Model, the customer is responsible for keeping their applications and data secured, and with the right cloud services consultants you can ensure your cloud architecture is sound.
Any kind of computer system can be accessed by unauthorized entities if not secured correctly. In order to minimize the chance of this happening, ensure you use complex passwords and SSH access, secure the network from intrusion, and use system firewalls.
Every storage service in AWS and other cloud providers includes recommended strategies for backing up and restoring data. For example, S3 in AWS comes with extremely high levels of durability (99.999999999% durability of objects over a given year), meaning that over a given year you would only risk losing 0.000000001% of objects due to a hardware failure on the AWS side. In other words, over a period of ten thousand years, if you were storing ten million objects (files) you might lose one single file. That's over ten thousand years! This really means S3, due to the way AWS has architected the service, is extremely reliable. If you wish, you can sync your S3 buckets to other regions within AWS in order to maintain a backup. In the case of other storage services like EBS, it's essential to create policies that automate backups regularly. Of course, if you don't properly secure your resources in the cloud, your data could be lost due to malicious activity. Take care of the security of your applications and data in the cloud in order to keep them protected.
The short answer is yes, files stored in the cloud can be lost, but if you choose the right service for the use case, secure it correctly, and follow best practices to ensure backups are taken regularly, it is unlikely that you will lose your data.
The cloud refers to platforms provided as a service and controlled through a web or command line interface that offer an array of compute, storage, and other services at low cost and nearly instantly from anywhere in the world. The key idea behind it is that it offers the opportunity to take advantage of economies of scale to democratize access to powerful technologies, and the customer pays for what they use.
The cloud is essentially a collection of data centres spread throughout the world and accessible through these interfaces. It is so named because the customer never has to think about the hardware and data centres that the cloud platform uses to offer their services. Importantly, the client also doesn't have to make purchases of hardware and take the risks inherent in estimating requirements when building an on-premises data centre. With cloud, it's all available on-demand and at lower cost than on-premises.
Contact us for a free consultation to learn how we can help you take advantage of the cloud in your business.