Is it secure? One of the most common questions (even more so than isn’t it expensive) you’ll get asked when you start to talk about cloud computing. It’s all very well talking about the logical security – secure passwords, disk encryption, network encryption, RBAC access etc. but it’s also certainly worth considering the physical security of the datacenter and infrastructure you’re environment is built within (data sovereignty and the security from where it is stored although a worth while conversation is very different to the physical security).
Inspired by a very flashy video from Microsoft I decided to have a look into what information is published for some of the big Cloud players – Microsoft, Amazon and Google.
Microsoft appear to be the most transparent and publish a huge amount of information (they do say they have the most comprehensive security however so maybe that’s why?) and boast about their spending of over a billion dollars (that’s a lot of dollars!) on keeping the physical envirnment for you secure.
As you’ll see in their post here they have gone to great lengths to keep their data centres secure – 2 factor biometric entry, time limited access and least privilege so you only get access to the part of the data centre you need. Impressive stuff and certainly goes to show they’ve spent the time and the money thinking about it.
Amazon are also transparent about the physical security they have in place and have very similar access control and security in place. Details of their security can be found here (although they don’t have a flashy video 😦 )
Google Cloud have published an in-depth white paper on their data centres which includes information on the security and physical access. The white paper can be found here.
So all in all some pretty clever and thought about tech and processes in place to help answer that question of “Is it secure” at least from a physical point of view.