There appear to be two groups of people out there when it comes to cloud security: those who believe that public clouds are systemically unsafe, and those who believe clouds are nigh on impenetrable. Both are wrong.
Both of these cloud security myths are dangerous, and so they need to die.
Kill the myth: if my data is in a public cloud, it’s inherently unsafe
The thinking goes like this: because I can’t see it or touch it, others can steal it.
The fact of the matter is that, if you take precautions—that is spend time picking and implementing the right security services— your data in the cloud will likely be safer than it was in the traditional system where your data came from.
Think about all those breaches in the news over the last several years. Not one has a cloud near it. Why is that? Well, those who put data in clouds usually take time to implement the right security solution.
Cloud vendors have to do that to stay in business and deal with the fundamental connectedness of their systems. IT organisations have to do that to protect their companies, and they can do so more easily and consistently when using systems designed to be secure.
By contrast, traditional on-premises systems typically have outdated security and are not actively operated, so they are more inherently vulnerable.
Kill this myth: public clouds are impenetrable
Nothing is impenetrable, including public clouds that have all of their security capabilities turned on.
Less penetrable does not mean impenetrable, so it would be foolish to just put your data in the cloud and not worry about its protections. It is just that you have more assurance that the protections implemented in the cloud will work.
When it comes to public cloud security, you need to be concerned about matching your security requirements to the available security services. That means you should use identity and access management (IAM), encryption, and perhaps multifactor authentication. If you’ve done all that, you’ve done your job.
The human factor
However, vulnerabilities still exist—typically in the form of human error. That is to say users who share accounts, admins who write passwords on sticky notes, firewalls that are not updated, and all that sort of stuff. Although most security solutions are solid, the security operations are typically where companies fall down, both in the cloud and on-premises.
The degree of your system’s secure depends on your ability to think through and then implement the right security solution, then on your ability to handle your security operations over time.
Cloud security is not black-and-white. It is neither systemically unsecure nor systemically secure. It is really a matter of how you approach cloud security, and, it must be said, how much time and money you spend on it.
IDG News Service
Subscribers 0
Fans 0
Followers 0
Followers