September 26, 2018 by Siobhan Climer
An autumnal golden hue captures the setting sun, which means the crunch of leaves under your shoes and the warmth of a hot coffee in your hands is just around the corner.
With the cardigans and jack-o-lanterns comes a holiday that includes events like ‘Scarefest’, ‘Horror House’, and ‘Ghost Town Trolley’. For some, it is a chance to reckon with the fears that hold sway, which is why we want to take the time to examine the horrors of security in the cloud.
Has the time come when we can finally put these fears to rest?
What’s So Scary About The Cloud Anyway?
Why are CIOs hesitant to adopt the cloud for business?
The fears many business leaders have about the cloud are not completely unfounded.
Zeus Kerravala, founder of ZK Research, an IT Analyst firm, summed up the worries as such:
“You pay for a service and hope it works… Companies have no real control over the hiring policies and security checks that the cloud provider uses.”
So, one of the biggest fears is losing control. Turning over the physical and operational control of your servers is not an easy call. Moving to the cloud means giving up that semblance of control you think you have to a cloud provider.
And when something goes wrong, because things will go wrong, you can’t physically remove the disk and send it to a data recovery service or go into the server and check the network connections. You have to rely on someone else, and that can be a tough decision to make.
Plus, for many businesses, they operate under certain regulations and laws that ensure the data within their servers is properly secured. While the cloud provider may claim they are HIPAA or FERPA or PCI compliant, how can you be certain? Even if they are liable, will your users and customers forgive you if something were leaked?
Is Security In The Cloud A Justified Fear?
So, a lack of control and inability to verify the security and reliability of the cloud makes many CIOs hesitant. Are those concerns justified?
Back to Kerravala: “Most cloud providers probably have better security controls than most companies.”
The reality does not, in fact, match the fear. Giving up control of the security policies can be a tough pill to swallow for CIOs and CISOs, but it’s worth it.
Think of it this way: the public cloud providers offer cloud services to all sorts of organizations, including those that likely have incredibly high security requirements – like the Department of Defense (DoD), Boeing, and the National Oceanic and Atmospheric Administration (NOAA). They all use the cloud in one way or another for functional operability.
Most SMBs don’t support true data center security, which extends across physical, technical, and administrative controls. Guards and video cameras? RFIDs and encryptions? Hiring practices and password security controls? Creating the layers of security necessary to protect your most valuable assets is no easy-undertaking. Plus, it takes a large capital expense to maintain.
You can enjoy the secure cloud infrastructure required by these larger institutions without having to invest in that infrastructure yourself. That’s a win-win for security in the cloud and annual budgets.
Trust And Responsibility: Security In The Cloud
It’s easy to get carried away talking about the benefits of the cloud and forget that it isn’t necessarily better. The cloud is simply another model for computing, and its benefits rely on two principles: trust and responsibility.
Security in the cloud – and throughout your network – is important, which is why you need to work with someone you trust. Managing risk with third-party vendors is an essential skill, and you need to ensure your operational and leadership teams are prepared to perform risk assessments of any cloud providers or vendors with whom you work. Look for organizations that have certifications, like the SAP or SSAE.
Most public cloud providers have excellent security controls in place, but it is up to your organization to set configurations. Security in the cloud is a shared responsibility, and it is vital that your organizational team understands where the business’ responsibility begins and ends.
Security in the cloud isn’t impossible, but it isn’t as simple as clicking ‘Yes, Make The Cloud Secure For My Business’ either. While the public cloud can be more secure than your on-premise data center, it’s still up to you to maintain the configurations and perform security assessments of the cloud provider.
Is the cloud safe yet? The answer varies for each application and business venture, and different facets of your business may be better-suited for cloud computing. Performing a Cloud Analysis Pathway can help your team determine how – and if – a cloud migration is right for you.
Like what you read?
Contact us today to determine a cloud migration strategy for your business.
Mindsight, a Chicago IT consultancy and services provider, offers thoughtfully-crafted and thoroughly-vetted perspectives to our clients’ toughest technology challenges. Our recommendations come from our experienced and talented team of highly certified engineers and are based on a solid understanding of our clients’ unique business and technology challenges.
About The Author
Siobhan Climer, Science and Technology Writer for Mindsight, writes about technology trends in education, healthcare, and business. She previously taught STEM programs in elementary classrooms and museums, and writes extensively about cybersecurity, disaster recovery, cloud services, backups, data storage, network infrastructure, and the contact center. When she’s not writing tech, she’s writing fantasy, gardening, and exploring the world with her twin two-year old daughters. Find her on twitter @techtalksio.