100% Australian Windows Web Hosting

Blog

Security

Why Most Cloud Adoption Challenges Don’t Include Security

Since 2013, respondents surveyed for RightScale’s State of the Cloud reports have consistently ranked security as the number one challenge they face when adopting Cloud technology, until now. This year’s report revealed a shift away from security concerns among both SMBs and enterprises at all levels of Cloud maturity. The new top challenge? Lack of resources and expertise.

So why the shift? Why have businesses using Cloud dropped security as the biggest challenge they face? Beginner users, moderately experienced users and those who heavily rely on Cloud technology all ranked security as their biggest challenge in the past, and have now dropped it to 2nd, 4th and 5th respectively – what has brought about this change?

RightScale Report Graph: Cloud Challenges 2016 vs. 2015

The answer lies in one simple fact — companies are becoming more comfortable with the Cloud. And with greater comfort, so too comes less fear. Which in the world of the Cloud, means less emphasis on security as a top concern. Three primary catalysts have contributed to this rise in Cloud comfort: familiarity, education, and specialisation.

1. Familiarity

Throughout history, new technology has been viewed with apprehension until it reaches a tipping point. Typically, technology adoption follows a common journey, beginning with a slow trickle of early adopters. That trickle eventually becomes a steady flow of users, until suddenly, more people are using the technology than not. And finally, the scales tip and suddenly the technology is in mass consumption.

In its early days, the Cloud was perceived as a risky venture, to be adopted only by daring start-ups. Over time, as more and more companies switched to the Cloud, this perceived risk has increasingly diminished. Today, Cloud adoption is hovering somewhere over 90%, and will likely continue to rise as more companies become familiar with its offerings.

As more companies migrate to the Cloud the perceived risks increasingly diminish.

2. Education

Companies only just starting out in the Cloud still face concerns about keeping their systems safe – security is their number 2 concern. Those who’ve used the technology a bit and are beginning to expand and optimise place security lower on their list of concerns. By the time companies reach the stage where they rely heavily on Cloud computing for their operations, security barely makes their top 5 Cloud adoption challenges.

As businesses gain experience in the Cloud, they also gain knowledge. Their understanding of the technology deepens, and their comfort level increases. In short, the more we learn about the Cloud, the less we fear the Cloud. To illustrate, let’s think of the Cloud as a car. Imagine you’ve never seen a car before and suddenly someone asks you to go for a ride in this strange metal contraption. You’re likely to say no right? But then one day, someone shows you a car up close, explains how its engine works, and how it can help you safely move around. Armed with an educated understanding of that once scary and unfamiliar car, you’re now much more likely to take it for a drive.

3. Specialisation

The growing number of companies rushing to migrate their applications and data to the Cloud has prompted a proliferation of Cloud implementation specialists. Managed hosting providers have carved themselves a healthy niche in helping businesses transition to the Cloud by taking care of all those nitty gritty details (including security!) for them. While many SMBs and enterprises lack the deep knowledge and expertise to ensure their Cloud space is secure, managed hosting providers make it their business to remove Cloud adoption challenges by specialising in security, compliance and monitoring.

Managed hosting providers guide businesses through the Cloud adoption process

Businesses that might otherwise be reluctant to use the Cloud can now make the journey with a trusted and knowledgeable guide. Like a visitor in a strange country, the journey into the unknown territory of the Cloud alone can be daunting. But on a guided tour, the whole experience is an adventure of discovery. As hosting providers offer more specialty services designed to remove obstacles in the Cloud traveler’s path, more businesses will make the trek towards adoption.

Defeat Your Cloud Adoption Challenges

Are you ready to make the move? At StudioCoast, we specialise in helping Australian businesses defeat Cloud adoption challenges and transition their systems to the Cloud safely and securely. If you’d like to learn more about Cloud security or how we can help you, get in touch with us today.

Cloud Computing Regulations in Australia

According to analyst firm, Frost and Sullivan, the Australian Cloud services market is expected to grow to $4.55 billion by 2018. This is almost quadruple the $1.23 billion in revenue that the market generated in 2013, as stated in the 2014 State of Cloud Computing in Australia report. The reason companies are choosing Cloud services such as, Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), and Platform-as-a-Service (PaaS), is because of the cost savings associated with moving to the Cloud; on average organisations are saving 12 percent in IT costs.

Cloud Security Concerns for Australian Businesses

Australian businesses have been slow to adopt Cloud technology. The Australian Bureau of Statistics conducted a survey on paid Cloud computing in Australian business and found that less that one in five Australian companies reported using a paid Cloud service. Among enterprises, security breach topped the list of reasons why companies are slow to adopt the technology, with 19% of this group citing uncertainties about the location of data as a reason.

The Frost & Sullivan report also confirmed that security concerns are still a major roadblock when it comes to companies considering a move to the Cloud. The report found that 38% of organisations are more concerned about IT security since adopting Cloud computing and security was still a major factor impeding growth of the Australian Cloud services market. This report cited these three main security concerns:

  • Relinquishing control over key business processes and data
  • Risks around disaster recovery
  • Reliability of back-up services

Concerns for Each Type of Cloud Service

As a provider, we are concerned that there is still such a concern surrounding the security of Cloud computing, so we are here to help qualm any fears. In this blog, we will focus on the issue of relinquishing control over data, the privacy issues encompassing this and Cloud computing regulations in Australia. Migrating to the Cloud and relinquishing data in some instances means giving your data to a provider who may store your data in an offshore location, in a country that may have privacy laws that are less stringent than that of Australian laws. But before we delve into the Australian Privacy Laws, let’s look at what the actual concerns are and how they relate to each type of Cloud service.

Privacy concerns can differ depending on the nature of the particular Cloud service – SaaS, PaaS, or IaaS. The degree of concern for privacy is determined by how much access your service provider has to your data, as well as where your data will be stored. If your data stays with you, the customer, then there may be less concern, but if data is in the possession of the service provider, then you must ensure that your vendor complies with Australian Privacy Laws.

For instance, in an IaaS model, the data may not be transferred to a vendor and may stay with the customer. The customer takes ownership of the liability for the privacy of the information of this data. In a managed SaaS scenario, if the provider manages the data, the provider is responsible for complying with Cloud computing regulations in Australia, to ensure that the customer’s data is secure.

What it really comes down to is that when you are determining the best Cloud solution for your business, if it involves moving your sensitive data to be managed by a Cloud provider, possibly in an offshore location, make sure you know where the data is being stored and if the provider complies with Cloud computing regulations. Before we cover what to research when looking for a Cloud provider, we’ll cover exactly what the Australian National Privacy Act is.

The Australian National Privacy Act regulates the collection, holding, use, and disclosure of personal information.

Australian National Privacy Act (1988)

The Australian National Privacy Act regulates the collection, holding, use, and disclosure of personal information. Any private or public sector organisation, including Cloud providers, need to comply with 13 principles that regulate the collection, holding, use, and disclosure of personal information.

What Does the Privacy Act Cover?

Australian Privacy Laws make it difficult for Cloud providers to move sensitive information and store it outside of Australia. The Act regulates how organisations collect, store, secure, and disclose personal information. The National Privacy Principles (NPP) set out in the Act are designed to ensure that organisations holding personal information about people handle it responsibly, as well as take the steps necessary to protect the personal information it holds. This ensures that they also have thorough security Service-level Agreements (SLAs) in place that define audit rights, reporting, data location constraints, and access right provisions when cross-border disclosure of personal information are involved – when data leaves Australia. Cloud providers will focus on two key principles:

APP8: Cross-Border Disclosure of Personal Information

The Australian Privacy Principle 8 regulates the disclosure and transfer of personal information by an agency or business to a different entity (including a parent company) offshore. Before an Australian Cloud provider discloses personal information offshore, it must take reasonable steps to ensure the overseas recipient will comply with/not breach the APPs. This can be done by appropriate contractual provisions. The Australian Cloud provider will remain liable for the personal information, in most cases.

APP11: Security of Personal Information

Australian Privacy Principle 11 requires that an organisation must “take reasonable steps to protect the personal information it holds from misuse, interference and loss and from unauthorised access, modification or disclosure”.

Customers are concerned about their security and privacy in the Cloud.

Why Are Customers Still Concerned about Security and Privacy?

If your Cloud provider is based in Australia, rest assured that your provider must comply with the Cloud computing regulations in Australia, put in place by the government. You should, however, be aware if your provider has a data centre outside of Australia and whether the country in which it resides complies with the Australian Privacy Laws. If you’ve selected a Cloud provider that is based outside of Australia, you will want to research the privacy laws of the provider’s country as well as the countries where its data centres are located. In this instance, you should pay special attention to whether or not each particular foreign government has the right to access your data. Luckily, regulations in Australia make it difficult to move sensitive information to Cloud providers that store data outside of Australia, so the key is to find a trustworthy Cloud provider. When searching for a Cloud provider, keep security top of mind and make sure you uncover the answers to the following questions before you sign a Service Level Agreement.

What to Ask Your Potential Cloud Provider

When you research Cloud providers, make sure that you ask the following questions when negotiating an agreement:

  • What information will be placed in the Cloud – personal, confidential, customers, employees?
  • What are the regulatory issues that your company must comply with and how they can support this?
  • Where are the vendor’s data centres located and what foreign laws apply to the data?
  • What is their disaster recovery process to protect/recover your information?
  • What is their reputation for complying with the Cloud computing regulations in Australia?
  • Who holds ownership of the data in the Cloud?
  • How do they manage security breaches and what are their disaster recovery methods?
  • What is the process in the event that you need to transfer your data?
  • Will your provider do anything with your data for their own purposes?
  • Who can access your data? Do they have strict policies in place as to who can access your data?
  • Is your data separate from other clients? How is it separated?
  • Who owns and has access to backups?
  • What regulations do they adhere to?

Lastly, remember that as a business, it’s your responsibility to get consent from any of your customers whose personal information you will be collecting. If you would like more information on how we can help you migrate to the Cloud, contact StudioCoast today. StudioCoast has been helping Australian small businesses with their hosting needs since 2002.

Windows Server 2003 – End of Life

What’s happening?

Microsoft has announced that Windows Server 2003 will be entering End of Life in July 2015.  This means that after July this year, Microsoft will stop providing support to Windows Server 2003; no more updates, patches, troubleshooting assistance or security fixes.  This change is worldwide.

What’s the big deal?

It’s the lack of security fixes that is of biggest concern.  Microsoft would intermittently release security fixes as it became aware of various vulnerabilities in the software.  As Server 2003 enters End of Life, this will leave the software (and those still using it) extremely susceptible to hack attempts.  Even though the software has been around for some time, there will still be security vulnerabilities that Microsoft are not aware of.  There will be hackers out there, sitting on these vulnerabilities in the software just waiting for July to roll round.

We believe this is an unacceptable risk and this is why StudioCoast have decided that it will no longer run Windows Server 2003 after July and will be migrating to a newer software.

What does it mean for me?

For some customers with simple websites (just basic HTML) there will be no difference at all.  More complex websites designed to run solely on IIS6 (Internet Information Services) could have some content that will not work after the migration.  If you’re using Windows Server 2008 (IIS7) or Windows Server 2012 (IIS8) and above you will not be impacted.  If you are unsure of what version of Windows your website runs on please contact us.

Rather than it just being a big surprise that your website doesn’t work post July, StudioCoast can create a duplicate test website to enable you to check for any problems ahead of time.  You can then liaise with your web developer to amend the website to work in the new environment.

Don’t worry, it’s not all doom and gloom.  There are definitely some benefits to the change, including: enhanced security, greater stability, increased speed, friendly URLs as well as being able to take advantage of new technology and future-proof your site.  Microsoft have some fantastic resources going into greater detail about the whys and wherefores of this change. Check out the Microsoft Windows Server 2003 End of Life website if you’d like to know even more.

So how much is this going to cost?

StudioCoast will not be charging customers for creating a duplicate test website or for migrating to the newer version of Windows Server.  Your website developer may charge for any changes that need to be made to your website.

How long do I have?

The process of duplication, testing and editing will obviously take some time.  July does seem pretty far away but it will be here before you know it.  We will be migrating all current Windows Server 2003 customers in July (even if you haven’t had a chance to test your website); it’s much better to be prepared and have enough time sort out any issues well before this deadline.

What do I do now?

If you’re unsure what the migration will mean for you or if you are wanting to take advantage of the duplicate test website, please raise a support request by logging into your hostControl account or send an email to support@studiocoast.com.au.

Copyright © 2002 - 2015 StudioCoast Pty Ltd   |   ABN: 53 143 039 070