When is a cloud service secure?
Marek Chládek, 10. 05. 2023 | 3 min read
No two clouds are the same. Although cloud services are generally considered secure, the internet remains a high-risk environment, and providers should follow some basic security rules. What are these rules and what should you require from the provider? Find out!
It all starts with the platform
The cloud platform is a critical element of any cloud service. You may run a sophisticated, secure, and reliable service, but if the security and reliability of the cloud platform itself are compromised by the provider, the entire service is at risk. There are dozens of cloud platform providers on the market, and you need to consider all the criteria that are important for the service. Is the service hosted by big players such as Amazon (AWS), Microsoft (Azure), Google or Oracle (OCI), or on a somewhat smaller and more flexible platform like Vultr? That already says something about the service itself.
Respect laws and regulations
Virtual laws are often easier for individuals and companies to break or evade. Therefore, look for a provider with a good reputation and have it substantiated by certificates of compliance with international standards and norms in the field of data protection and secure development processes (e.g., ISO/EIC 27001, GDPR). The registered office of the company will also give you a hint. In general, services from the EU and North America continue to have far fewer issues with data leakage and abuse.
Encryption: the basis for cloud services
Data encryption is a very important part of any solution. In general, we can divide the entire solution into three fundamental areas where data needs to be secured:
Communication within the cloud infrastructure
Communication between the cloud, the user, or a configured device
Securing data on disc and intra-cloud infrastructure communication mainly protects data from system administrators and uninvited guests who might breach the infrastructure. Data traffic between end-users, the cloud, and devices is exposed to the public internet and thus exposed to potential intruders. It is therefore important to protect the transferred data with sufficiently strong encryption.
The importance of vigilance – and updates
Technology is changing rapidly, and intruders are becoming more and more inventive, so you can’t afford to compromise on the security of cloud services. You need to continuously improve your security development processes, monitor for known vulnerabilities, update key components, release security firmware updates, and last but not least, choose and update third-party libraries that are a common feature of most application development today. All of this is a very expensive but necessary aspect of the lifecycle of a professional cloud service.
Are 2N cloud service(s) secure?
Very much so. The My2N Management Platform is a cloud service within the 2N portfolio that streamlines the management of 2N products and offers premium features for administrators and end-users. My2N cloud runs on Amazon's cloud platform (AWS) with servers hosted in Ireland. It follows the best AWS security practices. We’ve designed the entire solution in accordance with ISO/EIC 27001 and GDPR standards. And as for encryption: all stored data is encrypted, as is communication between components within the cloud infrastructure. We’ve designed our own communication protocol for secure communication between devices and the cloud. Naturally, there is also strong communication security between the end user’s web application and the cloud or call encryption.
Don't stake your reputation on an unknown and vulnerable cloud solution. Protect customers' data and your own!