As more and more organizations embrace the migration to the cloud, there are the inevitable questions that arise around its safety. Specifically, enterprises need to know that their data is going to be secure if they choose to embrace a cloud-based model, particularly a public cloud. The biggest myth I hear over and over among customers is that “the public cloud is not safe because it’s easier to attack, and then anyone can access my data.” What we’re seeing, however, is that this statement is simply not true. The simplest way to debunk a myth is to break it apart and look at each component.
MYTH: “The public cloud is not safe.”
TRUTH: When public cloud technology was new, there were concerns that it did not provide the requisite levels of security to keep data safe. These concerns were valid as the technology was not yet proven; however, this is no longer the case. Cloud providers now have years of experience, dating back to the early 1990s when modern cloud computing was first introduced. Over the decades, they’ve fine-tuned data and application access, ensuring strong governance, rights management and systems monitoring.
While the focus for on-premise and cloud-based IT is the same – to ensure application availability and security – cloud providers are able to scale this approach across multiple businesses and geographies. This scale and experience means that public cloud solutions, as long as they are well-managed, can actually prove more secure and reliable than their on-premise counterparts.
MYTH: “The public cloud is easier to attack.”
TRUTH: Many enterprises think that embracing the public cloud is tantamount to placing all of their digital eggs in one basket. The concern here is that if the provider is attacked, all access to their data – and therefore the ability to conduct business – could be lost. In most cases, however, a successful attack requires there to be an unpatched vulnerability in order to gain access. As we know, keeping up-to-date with patches is one of the biggest challenges for any organization today.
A key benefit of the public cloud is that the provider takes the responsibility for patching and monitoring the network, as well as adding extra layers of security to separate internal network systems from externally accessible applications and data. By adding in this third-party vendor whose responsibility is to keep their systems up to date, it actually can bolster security and help keep data more secure than it may otherwise be if held within your organization.
MYTH: “In the public cloud, anyone can access my data.”
TRUTH: One of the biggest concerns people have with public cloud is the worry that they will lose control if they entrust it with their data. By essentially relinquishing a stronghold on the data, there are understandable questions about how secure it could possibly be. However, one of the key benefits that SaaS providers grant is data privacy. In fact, I would go as far to say that data in public cloud is harder for the “wrong people” to access than on-premise data.
For example, public cloud data is protected by authentication controls, which are constantly monitored by the cloud provider. And remember, it’s not just your data they are monitoring, but it’s many other customers as well. This ensures that should anyone try to breach your data for any cloud application instance, changes can be made in near real-time to automatically enhance cloud protection for all of the cloud provider’s customers. At the same time, individual businesses’ data is protected from access by others, such as competitors, as it is multi-tenanted. That means each data instance is unique and unaware of other data, using secure keys to obfuscate and prevent leakage. That makes it extremely difficult for an unwanted entity to access your information.
The bottom line
In the end, the biggest truth about security in public cloud is that it provides security at scale. As a single organization, everything you do is at a scale of one. You might learn from peers, monitor systems and patch and update applications, but there is no shared benefit to this approach. And, with the widely-documented shortage of skilled cybersecurity professionals available, it can be hard to keep up.
We often talk about the benefits of shared resources and information, particularly with cybersecurity. Think about how useful it is for security vendors to share threat information for the mutual benefit of their customers, through organizations such as the Cyber Threat Alliance. It’s the same for customers within a cloud provider. As the customer base grows, as the provider monitors across multiple geographies and deals with attacks on a global scale, all of their customers will benefit. Any change enabling stronger public cloud security made by the provider for a single customer is automatically applied globally – ensuring stronger security for all.