Security is still perceived as a concern for Cloud computing. Despite the ability of the Cloud to free the limitations of infrastructure and logistics, a recent survey found that an overwhelming 90% of organisations are still worried about Cloud security.
The reality however, is that most concerns are unfounded.
The Cloud is not inherently insecure, it just has a different security model. In fact, Cloud environments have the ability to be far more secure than even traditional datacentres if approached in the right way.
But confusion usually starts before the conversation has started because key terms can mean different things. “Cloud Security” itself, can mean three very different things. Cloud security can mean:
- A SaaS (Software as a Service) offering that provides a Cloud based security service.
- A security offering that helps you monitor SaaS services (but this has no bearing on its delivery form – it could be a cloud based service, on premise software or even an appliance)
- A set of tools or features required to secure an IaaS (Infrastructure as a Service) environment
Understanding these three variants is important to understanding both the capabilities and risk of using the Cloud. Your IT provider should be able to explain more in the context of your specific business, but in general, attackers target and leverage any place where data is stored.
An attacker who is targeting your business will not simply stop because you aren’t using the Cloud; they will simply use different techniques to get to the data or cause disruption. A similar point can be made for broad-based attacks. If these attacks we face today only targeted Cloud environments, we might have a case against using such environments – but that is hardly the case. Currently, the majority of broad-based attacks still target traditional environments.
Thus it is safe to conclude that avoiding the use of the Cloud is not an action that will make you inherently more secure. Just as with the adoption of any other technology, it is important to understand the costs and weigh them against the benefits of use.
Here are 3 tips from our experience that will help reduce potential costs and maximise potential benefits:
- When working with Cloud providers it is important to establish what responsibilities you retain for security and what is managed by the provider. Depending on the nature of the service, responsibilities vary.
- With IaaS (Infrastructure as a Service) providers, we suggest you start at the Operating System level and take full advantage of the automation and configuration tools provided. Beautifully segmented networks with fully encrypted network connections are now scriptable features available in many data centres.
- With both IaaS and SaaS providers, it is prudent to regularly check administrative audit logs for privileged user access to ensure appropriate use. Automated analysis and monitoring of these logs is the best way to identify the difference between an engineer spinning up a new server and an attacker taking advantage of compromised credentials.
In order to fully realise how amazing the Cloud is, and what it can offer businesses, it is important to understand the risks and not fear the technology. Get a free consultation from London’s IT experts—BTA—and learn more in the context of your organisation. An expert IT provider like BTA will be able to make sure your company enjoys the advantages of Cloud computing, without suffering from the risks.
See you in the Cloud…