Tipping the scales in the cloud: From security risk to security’s friend
Cloud first, that’s the mantra for many organisations today. So, how curious that there was once a time when adoption was not so straightforward.
Many saw the cloud as an experimental technology suitable for nothing more important than storing holiday photos, while others cited security and compliance concerns as obstacles to adoption.
Perceptions have changed. No longer is the mention of cloud met with an instant intake of breath and question about security. In fact, there is an understanding that cloud can make your IT environment even more secure and compliant than the use of on-premise infrastructure alone.
One of the main reasons for this changing perception is experience. Organisations have become less concerned about security as they gain more exposure to cloud services. Equally they have understood that there is nothing to fear from the cloud if they adopt solid security practices; while trying to block cloud adoption will only lead to users bypassing IT, creating bigger security risks.
However, maybe the biggest part of the equation is that the cloud is inherently more secure. There’s no reason to suggest that operating private infrastructure – where you would be responsible for monitoring and patching – would be any more secure than the public cloud and the resources at providers’ disposal.
Looking at the evidence
According to Alert Logic’s 2017 Cloud Security Report, public cloud installations had the fewest cybersecurity incidents of any cloud type.
This is because public cloud vendors invest hundreds of millions of pounds in securing their infrastructure, the benefits of which are passed onto customers. The mega providers have built a data centre and network architecture designed to meet the requirements of even the most security-sensitive organisations.
This allows customers to scale and innovate without the need to pay for the cost of development. In many ways, this enhanced security can be viewed as another type of cloud service. The enhanced security could even be viewed as a type of cloud service in that organisations don’t have to pay the up-front costs of development and have a lower total cost of ownership.
The same could be said of compliance. The advent of GDPR has caused organisations of all sizes to re-assess their cybersecurity measures and how they handle sensitive data, while those in regulated industries are subject to stringent requirements.
Because the big cloud providers manage dozens of compliance programs for their infrastructure, any data stored on the cloud is automatically compliant. In most cases the cloud is not a threat to compliance but makes the process easier.
Most of the providers can also help with data residency. Some jurisdictions, such as the European Union, forbid the transfer of data to territories with inferior data protection roles. While mechanisms such as EU-US Privacy Shield can overcome this, the answer for many organisations is to store information in local data centres.
The cloud providers now have Availability Zones that provide the answer to the vast majority of data residency needs, allowing businesses to firstly choose where their data is located, while also being safe in the knowledge that data is replicated across multiple data centres to protect against natural or technical disasters.
Of course, public cloud doesn’t have all the answers and for certain types of data a hybrid cloud model will be more appropriate. What’s clear though is the scales have tipped; security isn’t the blocker anymore and any many case organisations are turning to the cloud because it provides the security they need in an instant.
Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.
- » Alibaba, Google Cloud and Microsoft among inaugural members of cloud security consortium
- » How does privileged access security work on AWS and other public clouds?
- » VMware stokes VMworld fires with Pivotal and Carbon Black acquisitions
- » Five key tips to prioritise the security of DevOps tools and processes
- » Oracle wants to say goodbye to shared responsibility by ramping up autonomous next-gen cloud approach