Q&A | Ben Aylott, Technical Director | 9xb Digital Agency

Q&A | Ben Aylott, Technical Director

Job description
Technical Director – Ben is responsible for all technology decisions at 9xb and today talks about cloud hosting.

How can you determine whether cloud hosting is right for your business?
This is a question you will likely have to work through with your web development team.  If you want to ensure your hosting environment belongs to your company only, then cloud is normally the most cost effective method of achieving this.  It is certainly not as cost effective as some shared hosting plans you have found in the past, however it means that you know and get the exact resources you pay for and these resources can easily scale over time to match your demands.  This might be in number of instances in your configuration, or the size of those instances.  If you have big peaks and troughs, this can even be done dynamically such that you really are optimising costs.  
We tend to find that this is the right option for most of our clients.  Not only do our lower volume clients find this works best for them, but our most active clients are also benefiting from the flexibility of the cloud. 

Can the cloud be easily trialled?
Cloud hosting is typically contracted on a minute-by-minute basis, rather than the long contracts you find with a dedicated environment.  For this reason it's much easier to trial something for a period before committing to the longer term.  There can be a significant amount of time required to set-up a website application in a cloud environment, which is the main reason it could be quite costly for a short term option.  9xb have automated processes to ensure these steps are as simple and as quick as possible, which keeps those set-up costs relatively low.  As with many cases, you will still find that longer contracts save you money over time.
Cloud environments, being virtual, are also very portable.  If you decide it was not the right option, it might be as simple as taking a snapshot of your server in order to set it up elsewhere.  This will likely be fuss-free and will typically ensure your application continues to work with very little additional configuration.

What are the main security risks of cloud hosting?
Although cloud hosting is perceived to be insecure, it's not as clear cut as it seems.  The main issue is that your data is stored in the same place as data from many other organisations.  Virtualisation software is applied to segregate each user's storage.  The risk is in this software layer, as this is a vulnerability which doesn't exist on a dedicated platform.  Unfortunately, website applications and software tend to be much more vulnerable than the virtualisation software however, so insecure websites are normally so due to their application architecture rather than the cloud architecture.  This is why 9xb works extremely hard to ensure our applications are as secure and robust as possible.  

What security features should businesses look for in cloud hosting?
The key security feature would likely be protection from a firewall.  If a dedicated hardware firewall is too expensive, a software firewall should be used.  Very few incoming ports should be opened.  Those which should be opened are typically HTTP (port 80) and HTTPS (port 443), however developers will require access to the server via a protocol such as SSH (port 22), although this should be opened to as few IP addresses as possible.  While you may open specific ports for 3rd party access to services, perhaps ERP systems which are talking to your website application, some ports which are typically left open should probably be closed.  Once such port might be that used by a database service, since most database requests are internal.  

Can cloud hosting actually be considered a more secure option?
Certainly in some cases.  Many websites and applications are hosted in dedicated environments, but sharing those environments with other users/companies.  In a cloud setup, your environment belongs to you, albeit a virtual one.

How do you know your supplier can be trusted?
It's important to verify the company which will be hosting your web application.  Are you considering a well known provider which supplies hosting to large organisations in need of tight security, such as financial institutions or FTSE 100 companies?  Is this supplier simply reselling the service, or is it their own architecture?  Does the provider have ISO 27001 accreditation?  These are some of the questions you might ask to get a feel for whether the supplier can be trusted.

Should you back-up your data?
There is a lot of work done behind the scenes to ensure that data is not destroyed, such as large storage arrays and other redundant layers.  Nonetheless, it's always important to ensure you have regular backups.  There are a number of reasons you may want to access lost data, whether it has been unexpectedly deleted, removed intentionally by a user or simply to compare data over a period of time.