Three Cloud Security Myths that Need to Die
NEWS FLASH: The cloud is here to stay. “Microsoft’s cloud business surged during Q2 through the end of 2017. Their commercial-cloud revenue jumped 56% to $5.3 billion, pushing the company’s full year total to $18.6 billion […]”
In comparison, Amazon’s AWS revenue “adds up to $12.345 billion for the first three quarters of the year […]” (Forbes, “Microsoft Throws Down Big Challenge To Amazon: Can You Top $18.6 Billion in Cloud Revenue?”)
The surge in cloud revenue should come as no surprise. The cloud is far less resource-intensive and enables businesses to modernize IT infrastructures faster than ever before. At the same time, the cloud enables businesses to operate with greater agility without the cost and time commitment of an on-premises solution. The value and cost benefits of the cloud have grown to overshadow the many things that once caused apprehension about it. That apprehension towards the cloud was largely fueled by several pervasive cloud security myths.
Here is a look at the top three cloud security myths that need to die:
Myth #1. The Cloud is NOT Secure
The cloud is not inherently less secure than an on-premises server. Cloud platforms have a wide range of security capabilities to offer customers, but different types of data come with different security needs. In some cases, it may not make sense to move your data or IT infrastructure to the cloud. If a majority of the data you manage is both high risk and high value, you may find more control with an on-premises platform. When it comes to moving some or all of your data to a cloud environment, your overarching data security strategy is crucial.
Today’s global cloud leaders are heavily invested in providing their customers with a secure environment to manage their data and IT infrastructure. A multi-layered security system of defense helps them provide high levels of protection for their data centers. Additionally, cloud service providers have cloud security experts on hand to help them quickly address any potential security risks.
However, it is up to you to vet your cloud service provider (CSP), the cloud solution, and the CSP’s shared responsibility model (further explained in the second point).
Myth #2. Cloud Security is the Responsibility of the Cloud Service Provider
While cloud providers have the necessary resources to provide security that does not take the burden of responsibility off the individual business or customer. Different cloud service providers (CSP) will have different cloud service models and service-level agreements (SLAs) to help define the cloud security expectations between the CSP and customer; known as “the shared responsibility model.” Global cloud leaders, AWS and Azure each have their own version of the shared responsibility model.
In a private cloud environment, the subscribing business or organization is responsible for managing security. In a public cloud environment, the cloud provider owns several aspects of the security and compliance requirements, but the customer owns the overall security management and hygiene.
Regardless of the cloud service model you choose or the security services and technologies of the CSP, cloud security must be a priority that a business or customer must proactively manage, whether or not they do so in-house or through an outsourced service.
Myth #3. The Cloud Will Make it Harder to Comply with Data Protection Regulations
In many cases, a cloud service provider can help make it easier to comply with data protection regulations. However, it is important that you vet the cloud service provider and review the solution they are offering to determine whether they will help meet the data security requirements specific to your industry.
This means following all of the listed security best practices, from the shared responsibility model and beyond. You also need to be clear about what data you are storing and where it will be stored to ensure that everything falls within your security and compliance requirements.
Moving to the Cloud with Confidence
"90% of organizations are looking into crafting a cloud strategy." (Network World, "Savings in the Cloud: How to Find Them and When to Make Your Move")
Cloud security concerns still exist, however business leaders are now taking a strategic approach, anticipating and evaluating the risks and managing them with a proactive and collaborative strategy. With multiple layers of defense, organizations will find greater success protecting their data and IT infrastructure in the cloud. Multiple layers of defense will require a layered security policy, training, a thorough understanding of the shared security model, technologies, solutions, and security hygiene practices.
Moving your applications to the cloud requires you to learn new technologies and best practices. The technologies and techniques you have used to manage and secure your on-premises deployments will certainly change when moving to the cloud.
While cloud technologies are similar from the various cloud vendors, each one has its own idiosyncrasies that require a certain level of expertise. It is important to train your existing personnel or hire cloud expertise to achieve the business goals your company has set forth.
Download our new cloud security guide, “The Top 10 Cloud Security Best Practices” today to learn more about the following:
- How to identify potential security risks and vulnerabilities
- The shared responsibility model from an AWS and Azure perspective
- How to approach endpoint security and minimize internal threats