Tomer Schwaitzer, CEO, Y-tech
When you approach a potential customer with your cloud computing solution, he must feel safe enough to give you a chance.
After gaining his basic trust in you as a person and as a professional, you have to present a convincing way to protect the cloud computing service he is buying.
As I mentioned in my last post, your customer is often not an IT professional, let alone a cloud computing expert, but he does know when you, as a professional, and your security solutions give him peace of mind. The way to do it is to be sure that you yourself know that you have all the required cloud computing security functions in place. Once you have belief and confidence in your solution, you will transfer the same feelings to your customer without even knowing you do. Authenticity and transparency are all you need.
Delving into the specifics of all these functions is beyond this post's scope, but Y-tech's very extensive experience has allowed us to compile a checklist of several – surely not all – general guidelines:
Make sure you comply with relevant data security standards
You do not have to reinvent the world of data security in order to plan and implement an effective end-to-end cloud security solution. Ensure you comply with the highest industry standards for security, such as ISO/IEC 27001. This will help you ensure that you supply your customer with the most critical security functions.
Don't compromise on 24/7 monitoring and control
The best cloud security protections are useless without total monitoring and control. Make sure you monitor and control all the computing and networking components of your systems 24/7. Use the highest quality NOC (Network Operations Center) and receive alerts before or while any cyber or information security threat is active.
Think twice before you expose servers to the internet
Since exposing the servers in your cloud service to the internet can maximize their functionality, you might feel tempted to do it very early on. The most common mistake in this respect is to do it before you have the required security mechanism for these servers in place. Don't fall into that trap.
Make sure your firewalls cover the entire cloud
Putting firewalls in the most prominent locations, such as the entrances and the exits of the cloud, is relatively easy, but it will not ensure your peace of mind regarding your cloud security. Make sure you go all the way: place the best firewalls you can afford, and make sure they cover all the locations in the cloud, internal and external.
Strengthen your protection against DDoS attacks
There are surely countless types of cyber attacks today, but in my opinion, one type of threat that is often not handled well enough by some cloud providers is DDoS (Distributed Denial of Service) attacks. Screen the entire traffic in your cloud and make sure you use the best DDoS protection you can lay your hands on. For most organizations, basic protections will be enough and not that expensive, and they are able to implement them as a standard service. If a customer wants more, make sure you can scale.
Protect your customer from his neighbors
You might feel that you are protecting your customer's cloud service against external attacks in a perfect way. However, if you are selling a cloud solution that hosts several customers, which you probably are, the neighbors' systems can be a source of threats for your new customer's cloud infrastructure. Make sure you protect your customer from his neighbors in the data center at least in the same way you protect him from external threats. Sometimes, internal threats are even larger.