MDW-240x110
Digital
Workspace

Our Managed Digital Workspace service gives your people everything they need to work securely from any location.

Find out more

    Cloud-240x110
    Cloud
    & infrastructure

    24/7/365 monitoring, alerting, incident remediation, and maintenance for all your network, storage, and compute infrastructure.

    Find out more

      serviceDesk-240x110
      Service
      desk

      Completely outsource your first or second line service desk functions to our team of in-house technical experts.

      Find out more

        security-240x110
        Security
        service

        Total threat detection, prevention, and response designed to protect you, your people, and your organisation.

        Find out more

          infrastructure-240x110
          Infrastructure
          solutions

          We offer a full range of infrastructure solutions that can be tailored to suit your organisation’s specific requirements.

          Find out more

            publicCloud-240x110
            Quadris
            Public Cloud

            Quadris Public Cloud provides a simple, scalable public cloud service but with much greater emphasis on security, data integrity, and support. 

            Find out more

              prevensys-240x110
              Prevensys
              monitoring

              An industry-leading monitoring solution that maintains the health and performance of your IT network with ease and clarity.

              Find out more

                additional-240x110
                Additional
                solutions

                Find out more about digital workspaces, networking, data centres, security, and our other professional services.

                Find out more

                  Procurement
                  frameworks

                  Quadris is a registered supplier and approved partner on the most important UK public sector buying framework.

                  Find out more

                    Secure
                    remote access

                    Access the Quadris support portal to create a new remote support session with a member of our service desk team.

                    Find out more

                      Careers
                      @ Quadris

                      We're always on the lookout for exceptional individuals that have a desire to learn and to deliver outstanding service.

                      Find out more

                        Customer
                        portal

                        The place for existing customers to access and manage their entire account and all interactions with the Quadris team.

                        Find out more

                          Tech
                          articles

                          A variety of technical articles authored by our internal team of technical experts and covering a wide range of subjects.

                          Find out more

                            Success
                            stories

                            Discover why some of our most valuable customers chose Quadris to deliver a wide range of IT and professional services.

                            Find out more

                              Sector
                              news

                              Every month we roundup the latest news from across the IT sector and present it here in an easily digestible format.

                              Find out more

                                Brand
                                guidelines

                                Discover how the various Quadris brands should be used correctly and access high-resolution downloads of a range of assets.

                                Find out more

                                  5 min read

                                  If you think your data is safe on the public cloud, think again.

                                  With its promise of increased efficiency, scalability and agility, more and more organisations are adopting public cloud services.

                                  Yet many security professionals are voicing their concerns loudly and clearly; citing security issues such as data loss, data privacy, compliance, accidental exposure of credentials, and data sovereignty.

                                  In fact, according to a recent survey (conducted by Synopsis and covering 400,000 members of the Cybersecurity Insiders information security community) a staggering 93% of cyber security professionals stated that they are “moderately to highly concerned” about public cloud security. (To download the full report click here.)

                                  While this figure is truly astonishing, it should as no surprise when you consider the fact that nearly 30% of cyber security professionals admitted that they had experienced a public cloud-related incident in the last year.

                                  With this in mind, in order to ensure your organisation’s all-important data is as safe as possible, below is a list of some of the key considerations you should pay special attention to before rushing into adopting public cloud services.

                                  1. Ultimately, the security of your data is your responsibility.

                                  First and foremost, you must recognise that this is a shared responsibility model. As a result, you take responsibility for security to and from the cloud, while the Cloud Service Provider (CSP) takes responsibility for security within its cloud infrastructure.

                                  It’s true that CSPs such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) are offering increasingly robust security to protect their evolving cloud platforms , and have to meet very high standards as set out by the Cloud Security Alliance (CSA).

                                  But while this may unburden your organisation from proving compliance, ultimately any fallout and fines that result from data loss or compromise, even if it is the fault of your CSP, will fall squarely on your shoulders.

                                  1. Data Sovereignty and Compliance.

                                  As increasing numbers of organisations conduct business globally, there is a growing requirement to adhere to strict regulatory and compliance requirements that mandate where your data can be held, such as the European Union’s General Data Protection Regulation (GDPR).

                                  Yet many CSPs store, backup and replicate data in multiple data centres, the physical location of which could well breach regulatory or legal compliance. As a result, a CSP must be able to demonstrate that it has data centres that comply with any data sovereignty regulations and are therefore to geo-fence your workloads.

                                  It can be difficult, if not impossible, to verify that your data exists only at allowed locations. As a result, you need to ensure that your CSP is being transparent about where their servers are being hosted and equally importantly that they adhere strictly to any pre-agreed Service Level Agreements (SLAs).

                                  Furthermore, you need to be in a position to fully enforce any compliance requirements through continuous monitoring and alerting, as laid out by the relevant policy-based templates, ready in the event of any audits.

                                  1. Make no mistake, public cloud vulnerabilities are growing by the day.

                                  The steadily increasing popularity of the public cloud has been mirrored by increasing numbers of cloud security incidents.

                                  The consequences of such an incident can be catastrophic. One well documented example was the theft of over 100 million records from Capital One by a former Amazon Web Services (AWS) employee who exploited a well-known cloud computing vulnerability.

                                  This puts into sharp focus the importance of paying close attention to security in the context of the public cloud, but also recognises that despite the best defences in the world, no system is completely secure – especially when you factor in the human element.

                                  1. Reduce risk through the use of encryption and role-based access control.

                                  In the annual Cost of a Data Breach Report, conducted by the Ponemon Institute and sponsored by IBM Security, the extensive use of encryption was highlighted as the number one factor in preventing and mitigating the impact of a data breach.

                                  Any CSP worth their salt, should be able to offer you the very highest level of protection against any tampering such as a FIPS 140-2 level certified hardware security model. This will enable you to access functionality while ensuring that no one else (including CSP administrators) has access to encryption keys at any time or at any point.

                                  Now add to this role-based access control and you greatly reduce the risk of breaches and data leakages and ensure greater compliance through the careful management of who has access to sensitive information.

                                  The downside to encryption is that it relies on those users with access to remember to enable the encryption and manage the keys properly. This can add considerably to the overall cost, and as a result negates many of the savings normally associated with migrating to the cloud.

                                  1. Pay special attention to the entire lifecycle of your data.

                                  In order to ensure the efficient management of the flow of data throughout its lifecycle, you should first categorise your data into four main groups, public, internal, sensitive and restricted. Defining the different data types will help you to establish set guidelines as to its criticality and value to your organisation and determine whether you should adopt public cloud, private cloud or on-premise services.

                                  With public cloud adoption in mind, special attention should be paid to the destruction of data at the end of its lifecycle, especially when there are mandatory regulations or compliance issues.

                                  With the on-premise IT environment there are several options open to an organisation: the physical destruction of media and hardware, degaussing, overwriting, and cryptoshredding. With the public cloud, most of these options are simply not feasible, because the CSP owns the hardware making physical destruction almost impossible. 

                                  That leaves cryptoshredding as the only viable and realistic option for data disposal in the public cloud. And as mentioned previously, this requires that your data be encrypted in the first instance and carries with it the burdens of human error and increased costs.

                                  1. Choose your CSP wisely.

                                  If you do decide to make the leap and migrate your data to the cloud, first and foremost choose a CSP that offers the very highest levels of protection and expertise. In addition, pay special attention to reducing risk; covering areas such as encryption, access control, monitoring, visibility, data sovereignty and all associated compliance and regulatory requirements.

                                  Furthermore, any cloud platform needs to be very closely integrated with any on-premise virtualised environment. This way you will be able to run workloads in the cloud that deliver maximum uptime availability at the virtual machine level, while also taking advantage of configurations such as stretched clusters in order to reduce risk and increase the availability of critical applications.

                                  Summary: migrating to the public cloud could cost you a fortune and leave you vulnerable.

                                  Caveat emptor!

                                  As workloads continue to move to the cloud, organisations of all sizes and sectors are recognising the complications of protecting their data.

                                  The reality is that there is no one-size-fits-all solution. When considering migration or integration into the public cloud, first and foremost you have to consider how it will affect the IT systems and infrastructure within your particular organisation.

                                  Regulatory compliance, the sensitivity of the data you are holding, geographical location, these are all factors that will determine whether or not the public cloud is a suitable solution. Even within an organisation itself, there may well be data that can be migrated to the cloud, while data that requires added security and control would be better placed in a private cloud or on-premise data centre.

                                  But even with highly specialised teams working tirelessly to provide a wide variety of options to secure and provide access to the public cloud, the security of the end result is still dependent on the customisation and configuration by the organisation itself.

                                  At the end of the day, the single most quoted reason why many organisations have considered migrating to the cloud is the promise of lower costs.

                                  But when you consider all of the above, the security, the regulatory compliance issues, the data lifecycle and the cost of securing your data, then it doesn’t seem quite so profitable after all.

                                  To discuss your IT requirements and the different options available to you, contact Peter Grayson on 0161 537 4980 or email peter.grayson@quadris.co.uk

                                   

                                  If your remote workers get hacked, don't just blame the IT department.

                                  It’s the nightmare scenario that gives IT professionals sleepless nights...

                                  Read More

                                  7 steps that will ensure your new distributed workforce stays connected, productive, and secure.

                                  How to go about ensuring that your organisation is ready, willing, and able to operate a digital workspace that can meet the growing and...

                                  Read More

                                  Why the Managed Digital Workspace must place security at its very heart.

                                  While most organisations have embraced remote working, the one area that is proving to be the weakest link is security.

                                  Read More