Cloud security is in a weird spot right now. When it comes to public opinion on the quality of cloud security, there are mixed reviews. 22% of enterprises ranked security as the number one cloud computing benefit, but 31% also identified it as the most prevalent cloud challenge. (Clutch) Why is this?
This tends to be due to a lack of knowledge about cloud computing. While it’s definitely more ingrained in the business world today, “cloud computing” continues to be just a buzzword for some organizations. It’s time to change that.
The Disconnect
Cloud computing, at the most basic level, refers to computing resources, like servers or software, offered to businesses via the Internet. When that’s all a business hears though, its team might think: “Well, anyone can access the Internet, so anyone can access my data if it’s in the cloud.”
This is where there’s a disconnect. Just because businesses access their resources through the Web doesn’t mean their data is suddenly available to everyone. In fact, it’s still stored in a data center on physical equipment – this side of it is just managed by a cloud provider, like RapidScale, rather than the business itself. And guess what? These facilities are equipped with plenty of security measures. Cloud computing infrastructure tends to include sophisticated monitoring systems, multi-layered security safeguards, and central management. RapidScale’s physical and network security actually includes all of that and more.
The Fault
Interestingly enough, Gartner predicts that by 2020, 95% of cloud security failures will actually be the customer’s fault, not the cloud provider’s. Think about this: cloud providers have to invest heavily in security if they are going to hold sensitive data on their servers and maintain customers at all. Therefore, today’s cloud services are highly resistant to attack and are actually more secure than traditional in-house setups. There’s really no significant evidence stating that cloud providers are less secure than an organization itself. And while you may reference highly publicized cloud breaches from recent years, these are either part of the minority, or they were due to vulnerabilities that were not the provider’s fault.
For example:
- The Target breach that occurred a couple years ago was caused by hackers stealing a third party’s login credentials. This third party had been given access to Target’s network.
- A similar Home Depot incident was almost identical, with hackers stealing a vendor’s login to access the network and use malware to sidestep the antivirus software.
- And remember the Apple iCloud hack? This one even indirectly occurred when hackers accessed celebrity accounts using brute force and phishing. (Tripwire, Inc.)
Interesting, right?
Think About It This Way…
The main barrier here is that humans hate to let precious data live in a place we can’t see it, but think about it using industry expert David Linthicum’s comparison: “Using the cloud is like putting your money in the bank versus under your mattress. Even though your money, or data, is not on-premises, the bank will do a much better job protecting it because it has vaults and security cameras, more than what a single enterprise company can do.”
That’s exactly it! And if a business feels that it needs to bring on additional protections on its end to feel more confident, that’s a common move. In fact, 75% of enterprises adopt additional security measures beyond what cloud computing providers offer. The top three are data encryption (61%), identity access policies (52%) and regular audits (48%). In this way, organizations are somewhat filling in the blanks and they end up spending less than they would if they implemented it from scratch entirely in-house.
Despite security concerns, 64% of enterprises agree that cloud infrastructure is more secure than older legacy systems. This is great step forward for cloud computing.
This post was originally published on RapidScale CloudUniversity. You can find it here.