Download - Can You Trust The Cloud? - ADMIN Magazine€¦ · Can you trust ‘the cloud’? ... Understanding the vulnerabilities ... Cloud computing Cloud computing offers a new and powerful


Everything you need to know about cloud security.

0800 458 4545

Can You Trust The Cloud?

Can you trust ‘the cloud’?............................................................................................................................................................

Understanding the risks of ‘the cloud’....................................................................................................................................

Is it all just bad press?...........................................................................................................................................................

Understanding the vulnerabilities...............................................................................................................................................

Compliance and legislation...................................................................................................................................................

How to protect your data in the cloud........................................................................................................................................

Choose the right cloud.................................................................................................................................................................

Public cloud...........................................................................................................................................................................

Private cloud..........................................................................................................................................................................

Hybrid cloud..........................................................................................................................................................................


Cloud buyers checklist.................................................................................................................................................................


Appendix 1 – Sony PlayStation Network data breach............................................................................................................

Appendix 2 - Amazon EC2 Service downtime........................................................................................................................















Leave IT to UKFast call us today 0800 458 4545 or visit

Best Business Hosting Provider

4 TIMES WINNERCorporate Social


WINNERBest Business

Customer Service



0800 458 4545

Leave IT to UKFast call us today 0800 458 4545 or visit

Best Business Hosting Provider

4 TIMES WINNERCorporate Social


WINNERBest Business

Customer Service



0800 458 4545

Cloud computingCan you trust ‘the cloud’?

Cloud computing offers a new and powerful IT strategy that can make systems

leaner, more agile and cost effective whilst freeing up IT expertise and resources.

Organisations also benefit by moving from a fixed to a dynamic working infrastructure,

providing greater flexibility to respond to market changes without any

capacity limitations.

The cloud has revolutionised many business processes, vastly improving

communications, collaboration, and efficiency. It is trusted to house sensitive data such

as personnel details, customer details and supplier information.

The cloud offers variable cost structures, state-of-the-art infrastructure and the

latest software, without the risk of heavy investment and eliminating under-utilised

infrastructure. The advantages have attracted many businesses to move to the cloud to

support their cost-reducing strategy. Forecasts have shown that many more will follow;

Forrester has predicted that the cloud computing market is expected to grow from $40.7

billion to $240 billion by 20201.

With many major companies including Apple developing cloud services, it is inevitable

that cloud computing will become a fundamental part of our IT infrastructure.

This must-have service model offers all of the benefits that are top of the agenda for

IT decision makers; however, not all clouds are equal. Some clouds unfortunately do

not cover their biggest concern; the safekeeping of their business data and very few

providers offer water-tight guarantees and service level agreements. This means that

if you make the wrong choice, your data can be at risk and the standards of support

available will fall way below the expectations of most businesses.

The considerable advantages of cloud computing make this technology extremely

desirable. So, how do you choose the right infrastructure?

IT decision makers must choose a provider that delivers the correct controls, protection

and transparency needed to help protect data and avoid data loss, leakage, downtime

and risk of online threats.

Cloud computing has transformed IT infrastructure with innovative virtualisation technologies. Through the Infrastructure-as-a-Service model it has revolutionised the way businesses operate.

The cloud removes the complexity of managing IT infrastructures, increasing performance and security levels, as well as reducing costs when setup correctly.

Key benefits

■ Enhanced security and data protection

■ Infinite scalability

■ Reduced capital expenditure and maintenance overheads

■ Increased performance

■ Greater business flexibility

Page 3

Leave IT to UKFast call us today 0800 458 4545 or visit

Best Business Hosting Provider

4 TIMES WINNERCorporate Social


WINNERBest Business

Customer Service


0800 458 4545


Cloud securityUnderstanding the risks of ‘the cloud’

The majority of research supports a sharp growth in the adoption of cloud computing.

However, a recent survey conducted by Kapersky indicates that 62% of IT managers

claim security issues are an obstacle to the increased adoption of cloud computing.2

The main factors for concern include:

1. Data security Accidental release of protected data

User authentication

Access control

2. SLA guarantees Service outage

Loss of control



Uptime & availability

3. Job losses

It is unsurprising that their main concern is data security. With many online threats and

frightening news stories, the cloud becomes a daunting place to store your business

data if you don’t fully understand it.

In reality, a cloud solution can offer the same levels of high security afforded to more

traditional dedicated server solutions, providing you know what to specify.

The Information Systems Audit and Control Association (ISACA) has stated that the

number of security threats on the internet appears to be increasing; its investigation has

shown that online threats and attacks are becoming more commonplace and increasing

in complexity and sophistication.

Understanding the risks, vulnerabilities and the very latest layers of defence available

is crucial when choosing a cloud hosting provider. It is imperative that your solution

incorporates advanced data security and redundancy provisions. Whatever solution you

have, security must be top priority.

UKFast offers end-to-end security solutions that protect your sensitive business data from viruses, and online threats. Our proactive security solutions dynamically monitor your solutions to catch any security risks and respond to security threats with controls that will protect your business.

As a member of the Cloud Industry Forum, UKFast puts great importance on data security.

Network protection

Hardware protection

Software protection

Security standards

Must have protection

Dedicated managed Cisco ASA firewall

Intrusion detection system

McAfee Active Virus Defence

Annual security audits

DDoS protection

Page 4

Leave IT to UKFast call us today 0800 458 4545 or visit

Best Business Hosting Provider

4 TIMES WINNERCorporate Social


WINNERBest Business

Customer Service


0800 458 4545


Is it all just bad press?

Cloud computing has recently suffered major PR nightmares, with the downtime of

Amazon’s Elastic Compute Cloud and the Sony PlayStation Network data breach.

These data security issues have fuelled concerns that cloud computing is inherently

unsecure and unreliable.

The more popular a service is, the more of a target it becomes to hackers, and with

hundreds of websites being affected by downtime or theft of data, it will almost certainly

make the headlines. This was indeed the case for Sony PlayStation when it recently

suffered the biggest ever security breach on record (see appendix 1).

In truth, cloud services aren’t necessarily more risky or less secure than maintaining

applications and data in the corporate data centre. In fact, some experts still believe

that the cloud provides greater security to enterprises, but this depends on their

technical makeup.

But, is the cloud more secure than your in-house IT infrastructure? The answer

can most certainly be yes, if the cloud is built properly. IT outsourcing allows you to

take advantage of enterprise class IT without the need for costly upgrades, server

management or maintenance. And with leading cloud providers offering expert technical

services, business class security technologies, 24 hour monitoring and support

outsourcing to a reputable provider can release you from the day-to-day IT issues that

so often impede business progress.

Understanding the vulnerabilities

IT infrastructure of all types will continue to remain vulnerable to online threats and

failures. Hackers will constantly evolve their processes to attempt to bypass the latest

security patches and infrastructure is often labelled as the weakest link due to its

complex set-up and technology. Therefore having additional protection, redundancy and

monitoring in place mitigates the risk. Amazon recently fell victim to infrastructure failure

due to poor setup; a section of its cloud failed which caused extreme downtime for their

clients (see appendix 2).

According to Jim Reavis, executive-director for the Cloud Security Alliance (CSA),

“as more firms switch to third-party cloud computing infrastructure solutions, the need

for adequate security provision will increase - simply because there will be a greater

number of security loopholes for cybercriminals to exploit”.3

This statement highlights the need to partner with progressive cloud hosting providers

that build in layers of control and protection to mitigate the risks of online threats.

Private cloud testimonials

“A private cloud means we are able to call upon more capacity when we need it without suffering any degradation in performance, which is critical to our clients. It means we can grow and grow and grow without having to change our platform or our architecture every time we bring on a new client or several large clients.”

Andrew Milner, development director at Gecko.

“Instead of having to outlay for the provision of new equipment and new servers when they know the campaign is only running for three months, they can scale up, pay for that particular amount of time, then scale back to their normal amounts.”

Jonathan Whiteside, founder of Building Blocks.

>> Use the checklist on page 10 to ensure your cloud solution is properly secured.

Leave IT to UKFast call us today 0800 458 4545 or visit

Best Business Hosting Provider

4 TIMES WINNERCorporate Social


WINNERBest Business

Customer Service


Page 5

0800 458 4545


Compliance and legislation

The latest security issues have boosted a case for compliance and legislation to

effectively oversee the cloud hosting environment.

“You cannot be sure if data is accessed just by you and no one else – you don’t

know if it’s protected or not. You almost know nothing, and this is the reason why it’s

really important to create some legislation ruling,” said Mr Nikolay Grebennikov, chief

technology officer at Kaspersky.

To protect your business, you should insist that your cloud service provider offers

visibility into security processes and controls to ensure confidentiality, integrity, and

availability of data.

This view is shared by IT and security leaders, who were surveyed in the 2011 Global

State of Information Security Survey by PricewaterhouseCoopers. They identified

compliance (34%) and regulatory compliance (33%) among the top five business issues

that will drive information security spending in their organisation in 2011.4

A code of practice has been established by the Cloud Industry Forum (CIF). Its mission

is to improve transparency of cloud services to help provide end users with confidence

when choosing a provider. The forum guidelines will allow cloud hosting providers to

demonstrate their ethics, practices and processes. Maintaining a protocol will support

the growth of this IT infrastructure and encourage providers to preserve a minimum

standard of security and service.

How to protect your data in the cloud

Security breaches will continue to feature in the press, hackers will continue to target

high profile databases and technology will always have the potential to fail. A move

to the cloud requires caution, vigilance, planning and design with full system backup

and redundancy.

Supplier transparency and maintaining some control of your infrastructure and design

can help to ensure that you understand your cloud architecture completely.

Companies also face legal proceedings and penalties by promising more than they can

deliver. If a company is vague, its biggest threat is bad publicity when a hacking attack

or a technical error exposes customer information.

UKFast service level agreement

UKFast’s service level agreement is a demonstration of our continuing commitment to the very highest standards of customer service, support and care. Our UK based technical assistance gives you 24/7 support.

100% network availability

15 minute rapid response promise

24/7 reboot guarantee

1 hour hardware replacement guarantee

Lifetime warranty on parts and labour

24/7 emergency support

Leave IT to UKFast call us today 0800 458 4545 or visit

Best Business Hosting Provider

4 TIMES WINNERCorporate Social


WINNERBest Business

Customer Service


Page 6

0800 458 4545


Benefits of outsourcing to UKFast

“Having a cloud solution makes you think a lot more about security than perhaps you

would if you were running it in-house. With a cloud solution we are thinking longer and

harder about how we can secure those solutions for our customers,” said Jonathan

Whiteside, founder of niche technical agency Building Blocks, whose clients demanded

the flexibility of a cloud solution but had concerns over security and data protection.

“We’ve addressed those concerns by making sure we think about every possibility

before we deploy the solution. How are we going to deploy the solution? How will

we access the solution? We make sure things have secure, long passwords. Neither

Building Blocks or our clients have experienced any security problems associated with

the private cloud.”

The risks will not prevent organisations from moving to cloud-based strategies but more

security and resilience need to be factored in when choosing a cloud provider.

Choose the right cloud

Public cloud

Public cloud computing utilises virtualisation technologies, allowing cloud hosting

providers to segment their servers to take advantage of economies of scale. Your data

will essentially be stored on shared SAN storage that will also house the data of other

companies. Public clouds are appropriate for certain applications and certain sizes of

organisations only. It is therefore important to fully appreciate the benefits and risks in

order to make an informed decision.

The public cloud reduces your level of control and increases your level of risk; it is

inherently beyond control of the end-user, which presents an increased chance that

your data can be compromised.

The major limitation of the public cloud is that the end users will share processing

power, switches and security applications such as firewalls. This therefore makes the

public cloud unsuitable for high traffic websites, business critical application hosting and

sensitive data.

The recent high profile cloud security breaches have all been associated with the public

cloud. Sharing resources comes with its own risks, as your data can be governed by the

usage and practices of the companies that you share with.

The public cloud does however deliver substantial cost savings and is particularly

suitable for low load websites and applications housing unrestricted information.

Outsourcing your IT infrastructure to the public cloud also allows business users of all

sizes to gain access to advanced infrastructure at a very low cost.

Reduced capital expenditure

Increased ROI

Affordable monthly payments

Enterprise class hardware

Performance optimised network

Increased availability

Advanced data centre security

Built-in business continuity

24/7/365 expert IT support

100% system compliance

Rapid scalability and deployment

100% carbon neutral

>> Use the checklist on page 10 to ensure your cloud solution is properly secured.

Leave IT to UKFast call us today 0800 458 4545 or visit

Best Business Hosting Provider

4 TIMES WINNERCorporate Social


WINNERBest Business

Customer Service


Page 7

0800 458 4545


Private cloud

The private cloud is ideal for businesses; it delivers all the advantages of the public

cloud but in an isolated environment. Private clouds do not share security or processing

resources, meaning all resources are dedicated to your environment and secured

behind dedicated firewalling. This isolation from other network users is crucial for

maintaining high performance, high availability and maximum security.

The private cloud also utilises virtualisation technologies to allow you to consolidate all

of your under-utilised physical hardware on to virtual machines, therefore reducing your

capital expenditure and maintenance costs.

All layers of security and control that are available on a traditional dedicated server

solution such as encryption, passwords and firewalls can be incorporated into a private

cloud; giving your solution the advantage of increased security, performance and

availability, with decreased operational overheads.

Gecko, a digital campaign management company, recently adopted a private cloud

solution to enable them to deal with spikes in traffic during clients’ campaigns. “It gave

us the capacity and flexibility that we needed, particularly for clients when they are in

cycles of campaign activity,” said Andy Milner, Gecko’s development director. “Security

is critically important to us and we’ve not compromised on that with a private cloud.”

Hybrid cloud

The hybrid cloud delivers a combination of dedicated hosting and private or public cloud

hosting. Providing you with greater flexibility and additional capacity when required,

hybrid clouds are well suited for businesses with seasonal peaks or marketing driven

spikes in traffic. Offering a cost effective solution, a hybrid cloud ensures that your

services can meet these periodic traffic demands whilst maintaining control, visibility

and data protection.

In short, a hybrid cloud combines the ultimate security of a dedicated hosting solution

with the elasticity of cloud computing.

Our commitment to you

■ UKFast aims to deliver a broad range of value for money products and services to meet all your key business needs, and respond to your changing circumstances and requirements.

■ UKFast is committed to providing total quality and aims for 100% performance 24-hours a day.

■ UKFast is committed to providing the very best quality of low latency and reliable service at all times.

■ By constructing the network to the highest specifications, UKFast achieves absolute reliability.

■ UKFast believes that consistent superior customer service is a critical element in attracting and retaining customers.

■ UKFast makes significant investments in staff motivation and provides its staff with technical and administrative training programmes.

Leave IT to UKFast call us today 0800 458 4545 or visit

Best Business Hosting Provider

4 TIMES WINNERCorporate Social


WINNERBest Business

Customer Service


Page 8

0800 458 4545



New and exclusive to UKFast,

MyCloudStack is the latest evolution in

cloud technology - a private cloud-in-

a-box. Developed in collaboration with

Microsoft and available on Hyper-V

and VMware, MyCloudStack offers

the highest standards of protection

available in a cloud environment.

MyCloudStack is a private cloud

hosting solution that provides you with

the controls, privacy, protection and

availability that your business needs.

MyCloudStack is designed to offer you

a flexible package built to your exact


MyCloudStack encompasses:

Defence layer

Performance layer

Virtualisation layer

Storage layer

Backup layer

Monitoring layer

MyCloudStack allows you to take advantage of the strengths of cloud computing with

added data security, performance and redundancy. Managed defence layers monitor

your private cloud for any hacking attempts and alert you to any signs of cyber-crime

that could affect your business.

Offering you the best protection for your business, MyCloudStack incorporates

premium security features to reduce any chances of your business falling victim to

an online attack. This can include:

Redundant pair of dedicated managed Cisco ASA firewall with Security Plus license

Intrusion detection system

McAfee Active Virus Defence

Annual security audits

DDoS protection

What makes UKFast different?

UKFast started operations in 1999 as a trade supplier of bandwidth.

Nowadays this means we have strong relationships with bandwidth providers offering high quality bandwidth.

Our global connectivity is second to none.

Two main data centres in the UK are Telehouse in London, and MaNOC in Manchester. These facilities house some of the top

peering points in the UK and Europe. Having your servers located at either

of these sites means your UK customers are able to view web pages faster than they could, just about anywhere else in Europe.

We invest heavily in our network and deliver on our promise to never oversell space.

All core equipment and circuits run well below capacity, ensuring optimised conditions for server hosting.

We aggregate bandwidth from seven top tier providers including Verio, Level 3 and AboveNet.

>> Use the checklist on page 10 to ensure your cloud solution is properly secured.

Why the best companies choose UKFast

■ Data centre location, 2 x direct fibre links to the hub of the internet (Telehouse) with dark fibre redundancy

■ Accreditations – ISO9001, ISO14001, ISO27001, PAS2060, PCI Compliance

■ Certified Level 3 engineers manning the support desk

■ 24/7/365 UK based support – round the clock HQ & on-site DC engineers

■ 3 rings policy + 15 min rapid response + 1hr hardware replacement guarantee

■ Managed firewall for all clients

■ Intelligent backup – secure, effortless full state system backups

■ Proactive uptime monitoring – continuous monitoring with engineer & client alerts

■ Award winning – ISPA Best Hosting Provider 4 consecutive years, ISPA Best Business Customer Service, ISPA Best CSR

■ High grade bandwidth, optimised for web acceleration

■ 100% network uptime guarantee

Leave IT to UKFast call us today 0800 458 4545 or visit

Best Business Hosting Provider

4 TIMES WINNERCorporate Social


WINNERBest Business

Customer Service


Page 9

0800 458 4545


The tailor-made hosting solution allows you to quickly feed into cloud reserves, gain

maximum flexibility and reduce costs by choosing your exact requirements.

Being able to mix and match components allows you to balance levels of availability

with security concerns and price.

In addition, because it sits on the UKFast high performance business network, you

get the added benefits of increased network security. Offering enhanced firewalling,

advanced connections, resilience and speed, UKFast provides the most robust network

with certified security assurances.

UKFast is ISO 9001, 14001 and 27001 accredited and PCI DSS compliant. With strict

information security protocols, your systems are protected around the clock in our

secure data centres with access to technical support 24/7/365.

Don’t let your business become a soft target to cyber criminals; ensure that your

sensitive business data is protected with MyCloudStack.

Call our solution experts on 0800 954 0899 to discuss the possibilities now.

Or to learn more about our solution visit

Technology partners

Page 10

0800 458 4545


Key features to look for when evaluating a private cloud hosting provider.

Solution Protection:


Hardware Protection:

Software Protection:



Security Standards:

Network Security:


Managed Cisco ASA FirewallDashboard alert control centreIntrusion detection systemDDoS protectionServer clusteringServer replicationMonthly performance reportsSafeDNS

Server maintenance and patch updatesProactive monitoring Hardware SLAUK based data centresAnnual security auditsLatest generation Dell and HP servers

McAfee Active Virus DefenceSecurity patchesIntelligent burstable backupCapacity Threshold Monitoring®

Juniper front edge routerCisco anomaly detection and traffic analysis100% network uptime guaranteeSelf healing network Tier 2 classified data centres2 x direct fibre connection to Telehouse London100% carbon neutral hosting

Webcelerator™ caching technologyLayer 7 dedicated load balancingRapid scalabilityHighly resilient SAN storage

Level 3 qualified support engineers24/7/365 helplineCalls answered in 3 ringsCall centres 100% UK basedFully manned data centres 24/7/36515 minute rapid response promise1 hour hardware replacement guarantee

ISO 9001ISO 27001PCI DSS compliantCIF membership

Leave IT to UKFast call us today 0800 458 4545 or visit

Best Business Hosting Provider

4 TIMES WINNERCorporate Social


WINNERBest Business

Customer Service


Leave IT to UKFast call us today 0800 458 4545 or visit

Best Business Hosting Provider

4 TIMES WINNERCorporate Social


WINNERBest Business

Customer Service


Page 11

0800 458 4545


Appendix 1

Sony PlayStation Network data breach

The Sony PlayStation breach has been reported as the biggest ever security breach in history, internet experts are calling this one of the largest data thefts on record. Hackers gained access to the PlayStation network by installing a communication tool through a vulnerability in the application server to then establish an intrusion route. The compromised data included personal contact information, date of birth, passwords, card details and also direct debit information. The hackers’ goal is to learn information about people and exploit it to their advantage.

Sony PlayStation customers are now at the peril of spam emails, and the threat of their details being sold to other parties. They have been urged to be vigilant when receiving correspondence from their banks and also to ensure that passwords are changed at the earliest opportunity.

Surprisingly Sony’s customer base has been quite forgiving; the PlayStation gamers have been reported to understand the technological implications and the ferocity of hackers therefore giving Sony the benefit of the doubt. However credit card companies haven’t been so lenient of the situation, as they have indicated that they are facing a possible cost of $300 million to replace the cards used on such accounts. Sony are now forensically analysing how the attack was conducted to help them to enhance their data security policies and ensure that the correct preventative measures are in place to avert further attacks.

Could the Sony Network breach have been avoided? Critics have stated that Sony could have prevented the breach or at least made it more difficult for hackers to gain access. It has been pointed out that Sony could have certified their network security by carrying out regular security audits and penetration tests to identify vulnerabilities that could have been patched to stop the attacks from occurring.

One thing no business owner wants is to expose his client base to online threats. In this fragile economic environment it is imperative that every precaution is taken to lock-down sensitive information to protect brand equity and your bottom line.

Appendix 2

Amazon EC2 Service downtime

Amazon also cast a bad shadow on the cloud with a significant system outage of their public cloud due to an infrastructure issue. Amazon’s datacentres suffered major downtime that caused extensive disruptions to websites around the globe. Their client base incurred huge losses due to the interruption of their services which for some lasted hours whilst other websites were offline for days. This downtime also affected dozens of high profile companies including Quora, FourSquare and Reddit.

Their infrastructure fault came about due to a traffic shift that was executed incorrectly. Traffic was routed onto a lower capacity network which couldn’t handle the level of load that it was receiving causing it to fail.

The crash has not only taken the websites offline, but has also destroyed a large amount of client data. This outage has reinforced concerns that the cloud cannot offer adequate security and stability.

Having correct hardware protection could have avoided this disaster. Capacity Threshold Monitoring and Proactive Uptime monitoring facilities would have alerted Amazon to the traffic issue in time for them to shift the load or increase their capacity before it had an impact on their services.

ISO 9001, ISO 14001, ISO 27001

Best Hosting Provider

Last year we helped more than 4000 businesses double their traffic. Let us put you first. Call today.

Leave IT to UKFast call us today 0800 458 4545 or visit

Best Business Hosting Provider

4 TIMES WINNERCorporate Social


WINNERBest Business

Customer Service


Page 12

0800 458 4545


Page 13

0800 458 4545


Leave IT to UKFast call us today 0800 458 4545 or visit

Best Business Hosting Provider

4 TIMES WINNERCorporate Social


WINNERBest Business

Customer Service



City Tower

Piccadilly Plaza


M1 4BT

t. 0800 458 4545

f. 0870 458 4545


e. [email protected]

Copyright 2011 Ltd.

Your future is our business




