One of the first questions I typically hear from customers about the transition to the cloud is, “Is it secure?”
The question is understandable, as there has been a lot of fear, uncertainty and doubt (FUD) spread across the industry over the past few years. According to an Intermap survey of 250 decision-makers from medium and large companies, 40% of those surveyed who described themselves as “cloud-wary” cited security as their biggest impediment to adoption.
However, much of the negative chatter about cloud security is unfounded, and is simply an extension of what is already being dealt with across the physical infrastructure. So let's take a look at some common statements against cloud, and why they are better classified as myths than truths.
Myth #1: Cloud is riskier than traditional IT
Your infrastructure isn't necessarily more secure just because it is located on-premises. Data breaches, data loss, account hijacking, and denial-of-service attacks have been concerns since the invention of the mainframe computer back in the 1960s. And whilst it is true that improperly configured cloud resources can result in these types of vulnerabilities, the same can be said of improperly configured physical infrastructure. The key to a secure cloud implementation is working with a competent, experienced provider who makes investing in the strongest forms of networking security, intrusion detection and monitoring services core to their business. In many cases, the security controls an experienced provider can handle may go well above and beyond your in-house IT team's capabilities.
Myth #2: You can’t control where your data resides in the cloud
Heavily regulated industries such as healthcare and finance have controls that dictate where personally identifiable information (PII) and protected health information (PHI) can reside. For these types of organizations, it may be (incorrectly) assumed that cloud isn't a viable option because the location of data cannot be controlled. This "cloud myth" is easily discredited by understanding that organizations can choose to work with a provider that operates out of specific data centres in specific geographic regions. Highly regulated organizations can also leverage a private cloud deployment model that provides them with increased control and governance versus the public cloud.
Myth #3: The cloud is not suitable for compliant workloads
As I mentioned above, organizations with compliant workloads can still leverage the cloud; however, a private or hybrid cloud deployment model may be better suited to their needs. A private cloud allows organizations to enjoy the flexibility and scalability benefits of the cloud, whilst still keeping data secure and in their control. A hybrid model provides the added benefit of being able to "burst" to a public cloud for non-compliant workloads such as development and trialling.
In an upcoming live webcast, Compliance and the Cloud: Demystifying the Security Myths, Robert Bath, vice president of global solutions at Digital Realty, and Ian Evans, cloud architect at Carpathia, will be taking a closer look at the security myths mentioned above, as well as demystifying compliance and data protection in the cloud.
The webinar will also cover:
- How factors like the choice of cloud deployment model and where data is actually stored impact cloud security and compliance
- How cloud security can be strengthened by compliance with various regulatory requirements
- What audits entail and the costs involved to work with cloud service providers
See you there!
Dave Stinson, Vice President of Sales, Carpathia Hosting