Separating Cloud Security Myth from Reality
Although the cloud is being more widely adopted, cloud security remains a top concern among enterprise IT professionals. In recent years, news headlines have been filled with enough stories about compromised data security to drive executives away from networked and cloud solutions and back to the proverbial days of stuffing cash in a mattress.
However, while these high-profile news stories drive much of the narrative around data security, the reality is that the vast majority of network security attacks are far more basic in nature. It’s important for organizations to recognize that threats to a computing environment are always present, and that they need to take a more practical approach to manage against real–not simply perceived–threats.
During my presentation I talked about how some common perceptions about cloud security are misplaced and that the cloud is actually being leveraged to address evolving security threats. One of the biggest misconceptions you hear about the cloud is that data is safer within the four walls of an organization than in the hands of a cloud service provider. But, in reality, there has been no evidence that indicates that cloud service providers have performed less securely than end user organizations. According to a Gartner security report, the recent history of public clouds has demonstrated that brand-name, externally provisioned, multitenant services are not only highly resistant to attack, but also are a more secure starting point than most traditional in-house implementations.
The challenge in today’s security landscape is that the “bad guys” are becoming more clever than ever. Long present software vulnerabilities are increasingly being discovered through programmatic code analysis, and attacks are often complex and involve multiple phases with long periods of dormancy. But the good thing is that the “good guys” aren’t just sitting by while attackers become more sophisticated in their methods. Many IT departments are implementing new approaches such as collaborative security, crowd-sourcing, machine learning and micro-segmentation to safeguard their IT infrastructure and defend against risks and vulnerabilities.
For any organization, it is critical to understand its application portfolio, and plan the organization’s cloud journey accordingly. While a cloud provider should bring deep security expertise, a business cannot simply “outsource” security to a cloud service provider. That’s another big misconception. It is critical to approach the task of establishing and managing security in the cloud as a partnership, as it will require both cloud-based components and elements that live within the enterprise infrastructure to be jointly supported by the internal IT staff and the cloud service provider.
The important thing to remember is to develop a strategic cloud security approach that’s based on the unique needs of your business and IT infrastructure. And choose your provider based on how their expertise complements your own.
To learn more about how to create a secure cloud, download the Gartner report, Clouds Are Secure: Are You Using Them Securely?
David Grimes is Chief Technology Officer, NaviSite. Guest blogs such as this one are published monthly and are part of MSPmentor’s annual platinum sponsorship.