As a growing number of software vendors and users embrace cloud-based solutions, it is important to know the basic facts about the cloud security. That is why we decided to compile some of the most common questions when it comes to the safety of your data, the difference between public and private cloud and other questions.
Josip Rodin GIS Cloud security expert and DevOps engineer at GIS Cloud, shared his insights and tips on cloud security, and other important questions. Josip is responsible for the internal processes involving a combination of development and operations, making sure GIS Cloud infrastructure keeps working despite any day-to-day challenges.
1. Is it safe to store personal or business data in the cloud?
In short – yes. Cloud computing presents various information security challenges, however, modern-day industry standards have established clear guidelines and procedures that responsible cloud companies, such as GIS Cloud, regularly employ in order to enhance cloud system security. This includes adherence to strategies such as separation of concerns and domains, multi-layered perimeter defense, and established disaster recovery practices, among others. In case of some cloud customers, the end-result may even end up enhancing the level of data safety, compared to old-style on-premises systems that conform to obsolete information security standards.
2. How are customer data and processes protected from unauthorized physical and logical access?
In GIS Cloud, all customer data is kept on computer systems which are protected from unauthorized access. We are using industry-standard access control systems, from physical machines in the AWS datacenters, to logical access by end users, that are being carefully sequestered so that each user may only access their own data.
All services are run in a way that their infrastructure is dedicated for their specific purposes, with carefully enumerated access vectors, all of which are under their relevant form of access control. This minimizes the chance that an unauthorized access or some other form of intrusion can affect any other user.
3. How is access to the GUI’s and API’s protected?
Each GIS Cloud data storage mechanism is bound to a specific user account and/or API key. Elements of GIS Cloud Maps, such as layers, data sources (files and databases alike), each have their own access control lists which are modifiable only by their owners and which can be specifically shared with other users without compromising access to unrelated data.
We plan to introduce two-factor authentication for administrator and/or high-privilege role accounts in the future.
PUBLIC AND PRIVATE CLOUD (ON-PREMISES)
4. What is the difference between a standard and on-premises (firewall installation) cloud solution?
GIS Cloud also offers a private cloud solution, the so-called “firewall install”, where our software is deployed on the user’s infrastructure, thereby allowing the user a complete control over all of the data uploaded to their systems through GIS Cloud applications. User’s infrastructure in such a case can be hosted both on-premises or even at some other third-party facility, such as dedicated parts of AWS, allowing for any amount of flexibility the user needs.
5. How secure is private cloud?
The GIS Cloud firewall install by default does not maintain any contact with the Internet, allowing the user to be protected from any threats that may arise there.
At the same time, there are software facilities that allow this solution to connect and share data with other data sources, including public GIS Cloud data storages, allowing for a hybrid cloud solution that may best fit the user needs.
BACKUPS AND DISASTER RECOVERY
6. Is there a way to protect cloud backups and secure disaster recovery?
GIS Cloud provides a comprehensive API (application programming interface) that allows users to perform complete backups of everything they’ve ever uploaded to the GIS Cloud platform. In addition, GIS Cloud itself keeps regular backups, that are available for restoration upon request.
Stay tuned for the 2nd part of the interview coming up next week!