SMB’s who are thinking about embracing the Cloud as their cores IT strategy have a number of concerns.  The main concerns centre around service reliability, accessibility and security of data stored in the Cloud and I will cover the security element in this article.

Firstly let’s agree that there are numerous types of Cloud Service and I will be talking about two types:

SaaS (Software as a Service) – a multi-tenant Cloud service and vDedicated Cloud Servers – one or more virtualised dedicated server operating and managed in the cloud.

SaaS provides business end users with a low cost software service provided on an OPEX or rental model. With SaaS the computer hardware (physical or virtualised) is spread across all of the users that use the SaaS service.  Each user belongs to a specific Organisation and cannot access or see other users from other Organisations even though they all reside on the same platform. When services require data access and storage they utilise SQL databases – such as Hosted CRM and each organisation has a separate database for their data. Because of this each organisation cannot access anyone else’s data even if it is stored on the same physical database server.

vDedicated Cloud Servers are essentially virtual “guest” servers running on a physical “host” server. Each server is its own entity even though many virtual servers (guests) can share the same physical hardware. In other words they cannot access the other virtual servers running on the same host – unless specifically configured to do so.

Real-time Unified Communications services such as the multi-tenant Microsoft OCS or Microsoft Lync provide separation by using “Chinese walls” which are made up of scripts and permission settings that separate users from users within another Organisation preventing cross-organisation contamination of Information.

So if SaaS and vDedicated Cloud Servers are pretty secure, what about customer access security?  Most client access to cloud services are done by using secure web access call https which is usually protected by 128 or 256 bit encryption.

HTTPS is the same security provided to you by the banks when you access your online banking information – so if it is secure enough to protect your private finances it must be secure enough for company data.  However, one area that the online banking is more secure that SMB Cloud Services is the authentication system mechanism used when you log in to their services and I believe this is an area that SMB Cloud Service Providers have some room for improvement.

Users authenticating themselves onto many current SMB Cloud services are required to provide a username and password. Many good Cloud Providers require the users to enter stronger passwords – such as 6-8 minimum chars with at least one number and one capital letter which reduced the risk of password cracking. Also some Cloud Providers require users to change their passwords on a regular basis; however, sometime this can prove more insecure as users tend to write them down rather than memorising them.

There are a large number of solutions to improve authentication security – RSA Smart Tags is one of them and there are many more – it is just a question of Cloud Providers implementing them – which they will do if they see a demand from customers.

Finally, over the last 15 years of providing IT solutions to SMBs, I have come across many shamelessly insecure on-premise IT implementations that could have been easily hacked and data stolen. The reality is that SMBs do not have, or rarely can afford the type of expertise required in order to fully secure their IT assets.

At least Cloud Service Providers will now share a large part of the responsibility of data security with the SMB and this is a good thing – because Cloud Service Providers are in a far better position (technically and procedurally) to provide businesses with secure access to their vital data.