1

It was suggested by some consultants that We relocate some of our critical systems in our environment to cloud base architecture. Besides knowing the fact that on a cloud base architecture we have no control over their infrastructure, what other areas of concerns must I look out for when putting critical systems to the cloud (instead of managing them ourselves) thanks

dorothy
  • 715
  • 1
  • 7
  • 18

2 Answers2

7

"The cloud" is marketing-speak for "other people's servers", so I will use that term instead.

When you move critical systems to other people's servers, you need to be aware that they have physical access to the server and to their network connections. When they are not trustworthy, they are able to steal your data or eavesdrop on your network traffic.

A sensible precaution is to use full-disk encryption so that even when they look at the filesystems of their servers, they don't learn what your systems which run on them are doing. Which technologies are available for this depends on the operating system you are using.

Another important precaution is to make sure that any remote access is encrypted and well authenticated (preferably by certificate and password). Remember that you are no longer talking to your own servers in your own datacenter via your local area network. You are now communicating with other people's servers via a normal internet connection. When possible, the servers should be configured to only allow access from your IP addresses, when the people who own them are able and willing to make that happen.

However, when you believe you can trust your provider, having your software run on their servers can even have a security benefit. People who provide such services as their primary business model usually(!) have lots of know-how about how to properly secure a datacenter against logical and physical attacks. They might also be able to provide a better uptime than you do. When your organization lacks the know-how and resources for proper datacenter operation, letting someone else handle this might not be a bad decision. But you should do your research about the security track record of the people whose servers you are running your systems on.

Philipp
  • 48,867
  • 8
  • 127
  • 157
  • 3
    Full disk encryption wouldn't really prevent the cloud provider from learning what you're running in the sever. – Lie Ryan May 22 '18 at 11:41
0

The other problem when putting "mission-critical" systems on other peoples' servers, is that there MUST be a communications link between your area and theirs. If that link goes down, so does the system.

Consider the thought process of having an old-fashioned wired phone, used to receive called in orders (for takeout food, say). If that phone line is cut, then no one can call in.

What sort of link(s) would be between your systems and theirs? And what could happen to them? E.g. Katrina/Sandy; earthquakes; ice storms; idiot with a backhoe cutting the cable; they have a dispute with their ISP and go offline...

Ghastly Ghest
  • 1