It has been a long time since my last blog… and an ocean of things happened over this period! Our Fusion practice has successfully executed 4 Fusion implementation projects during these 9 months, which gives you an indication of how rapidly implementations happen on cloud.
Speaking to potential cloud customers, before and during the implementation, I understand that one major concern in their flight to cloud is data security and privacy. This post is meant to throw some light on this area and lighten this concern a bit!
There are three questions that any customer would have…
How safe are my desktop/on-premise systems when I access or integrate with the cloud application?
- This will depend on how well you have configured your firewalls and how vulnerable or impregnable your network is. It also depends on the trustworthiness of your provider. In most cases, when you go with big players like Oracle, SAP or IBM, the question of trustworthiness is taken care of by the international standards that they adhere to. However, the internal network vulnerability is something that you need to take care of. In many cases, accessing a cloud application is like accessing any other site, such as Google. So the existing configuration that ensures your network security should be more than sufficient, and you need not think of further hardening your network just because you access a cloud application. However, in a hybrid setup where there is integration with on-premise systems, additional care needs to be taken when opening up ports for integration points like SFTP or web services. It is industry best practice to review your network vulnerability periodically.
How safe is the Communication Channel between my Premise and Cloud?
- The communication channel is very important since your data travels over the internet. This concern is addressed by the highest level of encryption standards that providers enforce on the communication. For example, Oracle supports and recommends 2048-bit encryption for their cloud application. In the case of a private cloud, where customers have a dedicated infrastructure hosted by their providers, you can also have a private network line connecting your desktop to “your” cloud.
- Another important communication option is the network provided by industry consortiums like ENX (in the case of the automobile industry) and ANX (auto/retail/healthcare). These are highly resilient networks that are compliant with very high industrial standards. Customers can get themselves plugged into these networks and partner with providers who can provide solutions through these networks.
How safe is my data on Cloud?
Industry-renowned product vendors provide best-in-class data security on cloud. Airtight security is enforced at multiple levels. The points given below will serve as a guideline/benchmark while evaluating a provider’s data security standards.
- Data centers hosting cloud are best in class in the case of a good provider. For example, Oracle cloud is hosted in Equinix data centers to host the Fusion enterprise application. These are Tier 4 data centers, which means everything from links to storage to cooling systems is redundant and highly available.
- The data centers are highly secured physically through redundant surveillance systems. Entry to these data centers is protected by a stringent process.
- One major concern about cloud is multi-tenancy. This is more of a fear of your data getting mixed with that of other subscribers. But it is not a real technical threat, since even in a multi-tenant environment, technology keeps your data immiscible. Oracle cloud goes a step further in providing dedicated pods that are single tenant. So even at the database level, your data remains isolated from other subscribers.
- Beyond physical security, the network is safeguarded by multi-layered firewalls. This means firewalls are deployed at different tiers of the application (proxy server and load balancers, web server, application servers, database server and storage). IPs at each level are tightly protected.
- Oracle provides a facility to whitelist IPs: access to the application is allowed only from a particular IP set, and any access to the application from other IPs can be restricted. This is an option provided to customers to restrict access to a confined environment (say, from the company premises).
- Beyond all this, providers employ very good intrusion detection systems to detect intrusion attempts and block suspicious traffic.
- The network is frequently assessed for vulnerabilities, and alerts are sent to dedicated teams that work on addressing these vulnerabilities.
- In the case of Oracle cloud, additionally, data within the database is protected by Oracle Database Vault, which enforces SOD (segregation of duty). So even a DBA who administers your cloud system will not be able to interpret your data. This prevents data theft by super-privileged users.
- The data files are encrypted and protected using technology like TDE (transparent data encryption), which prevents data theft from the data files at the OS level.
- Good cloud providers are compliant with international security standards like ISO 27001:x, ISO 27002:x, PCI DSS, FISMA/NIST, etc., and ensure that the security process aligns with industry best practices.
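The IP whitelisting option in the list above can be illustrated with a short Python check. This is an added example, not Oracle's implementation or code from the original post. It goes slightly beyond the text by also handling IPv4-mapped IPv6 sources and malformed addresses. The names `ALLOWLIST`, `SAMPLE_ACCESSES` and `audit` are hypothetical, and all addresses are constructed from documentation ranges.

```python
import ipaddress

# Constructed allowlist: documentation ranges standing in for company egress IPs.
ALLOWLIST = ["203.0.113.0/28", "198.51.100.42/32", "2001:db8:10::/48"]

# Constructed access records (source address, user); not from any real system.
SAMPLE_ACCESSES = [
    ("203.0.113.5", "alice"),
    ("203.0.113.77", "bob"),           # same /24, but outside the /28
    ("::ffff:203.0.113.9", "carol"),   # IPv4-mapped IPv6 form of an allowed host
    ("2001:db8:10:4::1", "dave"),
    ("2001:db8:11::1", "erin"),        # neighbouring /48, not allowlisted
    ("not-an-ip", "mallory"),          # malformed source: must fail closed
]

def load_networks(cidrs):
    """Parse CIDR strings; strict=True rejects entries with host bits set."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]

def is_allowed(source, networks):
    """Return True only if source parses and lies inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return False  # unparseable source address is denied, never allowed
    # Normalise IPv4-mapped IPv6 so dual-stack front ends match IPv4 entries.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net for net in networks)

def audit(accesses, cidrs):
    """Return the (source, user) records that the allowlist would reject."""
    networks = load_networks(cidrs)
    return [(src, user) for src, user in accesses if not is_allowed(src, networks)]

if __name__ == "__main__":
    for src, user in audit(SAMPLE_ACCESSES, ALLOWLIST):
        print(f"DENY {user:8} from {src}")
```

Running the same check over exported access logs is a quick way to confirm that an allowlist is as narrow as intended before it is enforced.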
Cloud, though it seems open, is highly secured. I believe now you’d agree if I say your application on cloud is much more secure than it is on-premise in most cases. If you think otherwise, please feel free to comment and I’ll be happy to defend!
Having said all the above, you should still not share your passwords with your friends, and you should follow the industry best practices in maintaining a good password policy to ensure your system is rock solid.