Probably the most commonly cited caution about the cloud as an alternative to on-premises is the idea that the cloud increases vulnerability to security breakdowns, data breaches and other malicious external attacks.
Certain industries held out against the cloud alternative much longer than others because of this perception. Perhaps in some ways, the early level of cloud services did not adequately address data and transactional security. Perhaps individual partner responsibilities regarding security were misunderstood.
Regardless, perceptions related to the cloud and security are evolving. Gartner forecasts continued, robust, accelerating growth of cloud services within the overall IT marketspace over the next several years. Dr. Rao Popolu in a recent posting on Forbes suggests that up to 83 percent of enterprise workloads will be cloud-based by 2020.
The fact is that today, infrastructure as a service (IaaS) providers, platform as a service (PaaS) providers, software as a service (SaaS) providers and other cloud-based options are probably utilizing better security tools and processes than your own internal shop has or had.
The question now is not so much about whether on-premises or the cloud environment is more secure. It is more accurately aimed at determining who specifically bears what responsibilities regarding the security of data, operations and proprietary information. Both parties have obligations in this regard.
Moving applications, platforms or your entire IT infrastructure to the cloud does not remove these responsibilities from your plate.
Securing Data in the Cloud: Responsibilities and Considerations
A recent post on Forbes offers a great primer on securing data in the cloud. Much of this is really common sense, but there are also technical considerations. It is important to involve security-technology-savvy individuals in the cloud discussion from start to finish.
Who does what? The notion that moving your operation to a cloud-based environment eliminates your responsibility for security is fallacious. Both you and your cloud services provider have specific responsibilities and capabilities that must be embraced.
To help you focus your efforts effectively, here are some tips that have been summarized from the Forbes post.
Selecting a Cloud-Services Provider
Like any service offered for sale, there are many alternatives. Evaluation of these alternatives should be thorough and complete. The candidate provider’s policies, processes and technology should all be scrutinized and scored. Input from your key partners, including your auditors, should be sought and incorporated into your decision-making process.
Employing Data Encryption Technologies
Data encryption is at the heart of data security, and your cloud-services provider will likely offer this as part of its service. That does not mean you should skip your own data-encryption solution before moving your data into the cloud.
Additionally, credential management tools represent a critical security element needed to prevent unauthorized access to data and processes. These technologies are evolving quickly, and care should be taken to ensure that your solution is current and effective.
End-User Devices and End-Point Security
Mobility and home-based workers represent two challenges that must be included in the security discussion. End-point security for all devices that access your data and systems, as well as network firewalls, is required.
The whole bring-your-own-device (BYOD) movement has resulted in a wide diversity of technologies that interface with and extend an enterprise tech stack. Rigorous adherence to security protocols related to device sharing and access control is essential.
Decide if Cloud Computing is Right for Your Business
The benefits of cloud computing, in its many forms, are undeniable. The knee-jerk reaction that cloud computing means “weak” or “porous” security is unjustified.
If the cloud offers a benefit to your enterprise, it should be considered. But it is equally important to evaluate the cloud-based computing option with a full appreciation of what it requires.
Security within the cloud is effective as long as both the cloud services provider and user understand and accept their individual responsibilities and execute them accordingly.