It wasn’t that long ago that companies were looking skeptically at cloud providers and SaaS applications, wondering at their security. After all, even the most hands-off vendors like marketing agencies have to be vetted as secure and trustworthy before signing – how could it even be possible to vet a software intended for those with the very highest security clearance? Why would a company even want to store that data off-premise?
Yet, over time, cloud services and SaaS have now become veritable requirements for any functioning businesses, especially if they – ironically – offer SaaS services as well.
A new player has entered the arena, however: infrastructure-as- a-service, or IaaS. This new industry offers computing resources as well as storage and networking capabilities “for hire” in the same way that SaaS offers a piece of software when you need it, without having to purchase it outright, or keep it around when your company outgrows it. Essentially, with IaaS, you’re renting the hardware to run SaaS and PaaS on.
But when is this a good thing, and how can you make sure it’s safe and secure? Are there any situations in which IaaS is not a good idea?
Where IaaS Makes The Most Sense
As with any tool or piece of technology, while everyone may be intrigued by it, it doesn’t make sense for everyone. IaaS is no different.
Renting your infrastructure, as a general rule, makes the most sense for those who are already receiving significant benefits from cloud computing in general. Their needs and demands ebb and flow, or may even be a bit volatile and unpredictable, which means the ability to scale up and down is key. Cloud services in general are also extremely useful for those brands that are very budget conscious, and who may not be able to afford the physical components they need – or perhaps the space used to store them.
However, if your company is subject to significant number of compliance laws and regulation, IaaS may not be ideal, at least at this time. As industries – and regulatory bodies – get used to advancing technology, there will likely be changes to those very regulations, but as it currently stands IaaS will cause more problems than solutions for many medical, government or financial institutions.
How To Ensure Security
Hardware has always been the last holdout of security, in that it seems to be the most solid – given that you can physically touch it – but is increasingly being used directly as a means for back doors (as evidenced by the latest WikiLeaks announcement).
The threat is even more severe when it comes to IaaS, as, instead of running your own security systems on the hardware, you’ll be trusting the vendor to do so. For this reason, we urge you to lean towards previously trusted and vetted providers – and remember, you get what you pay for.
When selecting a provider, make sure that they offer the following configurations:
● Round-the- clock security monitoring. Yes, this may seem obvious, but it’s obvious because it’s a critical requirement. Your vendor should have logging and behavior monitoring tools that you can access and check up on whenever you feel the need to, and which push updates to you whenever there are updates. Keep in mind this will likely be a requirement for you legally as well as for common sense, especially if you hold highly classified information such as medical, financial or government information.
● Elimination of inactive accounts. There should be a system that proactively inquires about accounts that have not been used in some time. It’s imprudent to keep logins valid if there is no human who needs them, as it not only gives malicious parties another target, but the account is likely going unmonitored – in the case of an attack, it may not even be detected for several hours or days, if done well.
● Multifactor authentication. As a technical lead, you know that no matter how strong a password is, it can be cracked. Ensure your data’s security with multifactor authentication to add a significant roadblock to anyone who may target employees with weak passwords, and to prepare for the future of quantum computing power becoming available to consumers.
IaaS is an extremely promising new cloud industry, and we’re excited to see where it goes in the future. It will bring significant advantages to startups and businesses of all sizes, in the same manner that cloud storage and software has. However, there are still some kinks to be worked out, especially when it comes to security and compliance. Don’t be shy about giving the Burstorm team a call if you’d like to learn more about if IaaS is right for your company!