Connect with us

Hi, what are you looking for?


Cloud Security

3 Public Cloud Security Myths Debunked

As more and more organizations embrace the migration to the cloud, there are the inevitable questions that arise around its safety. Specifically, enterprises need to know that their data is going to be secure if they choose to embrace a cloud-based model, particularly a public cloud.

As more and more organizations embrace the migration to the cloud, there are the inevitable questions that arise around its safety. Specifically, enterprises need to know that their data is going to be secure if they choose to embrace a cloud-based model, particularly a public cloud. The biggest myth I hear over and over among customers is that “the public cloud is not safe because it’s easier to attack, and then anyone can access my data.” What we’re seeing, however, is that this statement is simply not true. The simplest way to debunk a myth is to break it apart and look at each component.

MYTH: “The public cloud is not safe.”

TRUTH: When public cloud technology was new, there were concerns that it did not provide the requisite levels of security to keep data safe. These concerns were valid as the technology was not yet proven; however, this is no longer the case. Cloud providers now have years of experience, dating back to the early 1990s when modern cloud computing was first introduced. Over the decades, they’ve fine-tuned data and application access, ensuring strong governance, rights management and systems monitoring.

While the focus for on-premise and cloud-based IT is the same – to ensure application availability and security – cloud providers are able to scale this approach across multiple businesses and geographies. This scale and experience means that public cloud solutions, as long as they are well-managed, can actually prove more secure and reliable than their on-premise counterparts.

MYTH: “The public cloud is easier to attack.”

public cloud provides security at scale.TRUTH: Many enterprises think that embracing the public cloud is tantamount to placing all of their digital eggs in one basket. The concern here is that if the provider is attacked, all access to their data – and therefore the ability to conduct business – could be lost. In most cases, however, a successful attack requires there to be an unpatched vulnerability in order to gain access. As we know, keeping up-to-date with patches is one of the biggest challenges for any organization today.

A key benefit of the public cloud is that the provider takes the responsibility for patching and monitoring the network, as well as adding extra layers of security to separate internal network systems from externally accessible applications and data. By adding in this third-party vendor whose responsibility is to keep their systems up to date, it actually can bolster security and help keep data more secure than it may otherwise be if held within your organization.

MYTH: “In the public cloud, anyone can access my data.”

Advertisement. Scroll to continue reading.

TRUTH: One of the biggest concerns people have with public cloud is the worry that they will lose control if they entrust it with their data. By essentially relinquishing a stronghold on the data, there are understandable questions about how secure it could possibly be. However, one of the key benefits that SaaS providers grant is data privacy. In fact, I would go as far to say that data in public cloud is harder for the “wrong people” to access than on-premise data.

For example, public cloud data is protected by authentication controls, which are constantly monitored by the cloud provider. And remember, it’s not just your data they are monitoring, but it’s many other customers as well. This ensures that should anyone try to breach your data for any cloud application instance, changes can be made in near real-time to automatically enhance cloud protection for all of the cloud provider’s customers. At the same time, individual businesses’ data is protected from access by others, such as competitors, as it is multi-tenanted. That means each data instance is unique and unaware of other data, using secure keys to obfuscate and prevent leakage. That makes it extremely difficult for an unwanted entity to access your information.

The bottom line

In the end, the biggest truth about security in public cloud is that it provides security at scale. As a single organization, everything you do is at a scale of one. You might learn from peers, monitor systems and patch and update applications, but there is no shared benefit to this approach. And, with the widely-documented shortage of skilled cybersecurity professionals available, it can be hard to keep up.

We often talk about the benefits of shared resources and information, particularly with cybersecurity. Think about how useful it is for security vendors to share threat information for the mutual benefit of their customers, through organizations such as the Cyber Threat Alliance. It’s the same for customers within a cloud provider. As the customer base grows, as the provider monitors across multiple geographies and deals with attacks on a global scale, all of their customers will benefit. Any change enabling stronger public cloud security made by the provider for a single customer is automatically applied globally – ensuring stronger security for all.

RelatedWhy You Should Question These Most Common Cloud Assumptions

Related: Microsoft Details Security Responsibilities for Azure Cloud Customers

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to and Exchange Online.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...