The Truth About Cloud Security
One of the major reasons often cited by companies for not choosing a cloud computing solution is a concern about security. It turns out however that assuming any cloud solution is somehow inherently less secure than keeping data locally seems to be based more on fear of the unknown than other factors. Any information technology solution, cloud or local, will simply be an extension of an existing networking architecture and as secure as the existing security infrastructure. Nevertheless, given the concerns about security, it’s a worthwhile exercise to review the real security threats out there and how those might impact any cloud-based solution.
We can start with the physical location of your data when considering security. Reports from 2013 indicate that almost 43% of data breaches involved employee mistakes, physical theft and/or insider threats. The cloud, it turns out, is not a source of a large majority of company data vulnerabilities. The bigger risk still lies with computers, laptops and local servers.
Hacking, on the other hand, accounted for almost 30% of data breaches and can be broken into several distinct categories. An enterprise data center for example is 4x more likely to suffer a malware attack than a cloud solution however both are equally vulnerable to a brute force attack or a vulnerability scan. Likewise, the enterprise data center is more vulnerable to recon and app attacks.
Cloud services are not completely safe either, as they are 40% more likely to suffer from a web app attack than enterprise data centers. What this information points to however, is not that cloud services are a risk, but that all solutions are vulnerable in some way. No one solution is 100% secure.
There is one aspect of cloud services that should provide reassurance for those concerned about security. Protecting clients’ data is an essential part of their business model. Any breach or compromise would be a severe blow to clients’ trust and once trust is gone and the cloud services business becomes unreliable, the end is near. It is essential for cloud services to secure their clients’ data and to do that at scale requires a heavy investment in secure systems and servers, with regular testing, reviews and audits. All cloud services take these essential steps to enhance security, and are able to pay for them through economies of scale. Those costs are built into their business model, not yours.
Once you have reached the point where the security of cloud services is no longer an issue, it’s necessary to keep a few things in mind when considering how to use these services. First, figure out what your company’s real needs are and only get the services that are necessary, saving time and money. It’s also important to remember who your end users are. If the service doesn’t work for them, users will start to work around it, creating additional security risks. Don’t worry about data location, but do worry about data access. That’s where security holes can open up. Look for vulnerabilities and eliminate poor user practices, which create holes that can be exploited.
Lastly, ensure the reliability of your prospective cloud partner and be sure their business provides a 24/7 approach to auditing, monitoring and security.
The bottom line is that cloud services are no more susceptible to security issues than locally based systems. Each is vulnerable, but those security issues can be managed to minimize risk, no matter which kind of services your company is using.