There is a linear relationship between increasing cloud consumption and the necessity for security. “The cloud”, which can mean many things, provides unparallelled flexibility and scalability for a business. At MCFTech, the cloud has created a scenario where more of each incremental hour of work drives value add, rather than worrying about things like dual power supplies on a server, or health of a hard drive. Leveraging cloud Infrastructure as a Service (IaaS) providers such as Amazon Web Services (AWS) and Microsoft Azure means they manage the physical layer. Each of them are much more capable at addressing physical hardware, redundancy, and security than most organizations. While Azure and AWS are managing that physical security (badge access, biometrics, etc.), the rest is left up to the end consumer or business.
The same concept extends to cloud platform providers such as Quickbase, or other hosted applications/services such as Google Apps, Dropbox, or Office365. In these types of platforms, the service provider is managing the servers (potentially hardware and virtual), the patching, updates, encryption, etc.
In Platform as a Service/ Software as a Service (PaaS/SaaS) and IaaS, the barrier to entry for “the cloud” is relatively low. This sometimes causes people to think “they are secure” inherently when it actually increases the need to treat security at the other layers seriously. A bank may have a very secure vault but the security on the vault is rendered useless if the branch manager does not treat the combination and/or keys with high levels of confidentiality and security.
The same can be said for the cloud.
Now that these awesome and powerful tools are available to an organization, who governs the access? Who ensures permissions are appropriately handled? In the case of managing virtual servers instead of physical, are patches up to date? Are information security resources monitored for vulnerabilities such as Heartbleed and Poodle and are those vulnerabilities quickly addressed?
These are things that MCFTech has recognized as extremely important for the security of both ourselves and our clients which is why we obtained third party validation of our practices via a SOC 2 report. SOC 2 is a widely accepted audit standard which checks an organization’s commitment to the following areas: security, availability, processing integrity, and confidentiality. We are happy to report the auditors found no exceptions in our processes and procedures during their audit. We are committed to security in multiple ways. Some of those include code vulnerability testing, thorough processes and procedures, and routinely investing in R&D with new technologies to stay on the cutting edge.
To find out more about how MCFTech protects your business data, contact us today!