Understanding how accessing a Cloud can be secured and if it can be as secure as hoped is an issue that should be well-considered. Here, we hope to make things a little clearer.
Although Clouds host an extensive range of services, professional and not, there is no distinguishing between the intelligence of an internal company server or an external one: quite simply if the server is configured to be secure, it will be and if not, it won’t.
Hence secure access to a Cloud server depends on the security plan in place. If you use a SaaS service, it’s the access protocol to the service which offers different levels of security. Such security is offered by an access management software. It encrypts right from the start of a Cloud transaction, before accessing any application or any data. This is typically what Microsoft has integrated into Office 365: a 256-bit AES encryption integrated in all connections on Office 2010-2013 to the data or intranet/web services hosting platform. Each identified intranet user interacts behind a 256-bit encryption, as if it were a true, dedicated VPN, hence there’s no chance of your intranet being open to other parties.
Password and backup management
It’s not just Microsoft, but all serious professional hosting platforms that have adopted this level of security. Other examples are those of InterCloud and Symantec.cloud from Symantec, which have set up interconnected Cloud networks that offer said type of protection to different SaaS platforms.
When it’s your own virtual server (PaaS (Platform as a Service)) which is hosted on a professional Cloud, public or private, you have the option of installing your own security programs. You can even unite identities through a network of Cloud servers, qualifying then as a Cloud infrastructure (IaaS (Infrastructure as a Service)). This can also be done on classic servers.
The main risks lie in the weakness of passwords and the lack of or simply ill-management of backing up of data essential to the running of the business. And if your Cloud infrastructure is managed by yourselves, the risks are the same as those of a classic infrastructure: if security is not well-managed, the consequences can be severe.