Cloud Server Myths Debunk

Cloud Server Myths Debunk

Cloud computing is becoming one of the most talked-about trends in IT today, which also means it’s one of the most misunderstood. Although there are numerous benefits for businesses to switch from hosting their own servers to using a cloud platform, many of them have refused to pull the trigger, even though it could save them millions. Cloud-based computing solutions have the potential to give businesses greater flexibility, reduce the need for expensive equipment, and streamline IT requirements. However, many businesses won’t take advantage for one simple reason: They fear that cloud computing is not as secure for their data as maintaining servers on site.

The belief that cloud computing is not as secure as on-site servers stems from a number of myths that have been floating around since the first cloud-based solutions were introduced. Businesses fear that by handing the keys to their information kingdom to a third-party provider, they would open themselves to all manner of risk — from greater vulnerability to hackers to untrustworthy providers selling their information without their knowledge.

Even though IT security should be at top of mind for businesses for good reason, many of the fears they have about cloud computing are based on bunch of myths.

Some of the most common myths about cloud security are presented on the following bullet points — along with the facts that dispel these myths.

Myth No. 1 — The cloud is inherently less secure than physical servers.

One of the most common misconceptions about cloud security is that there’s no such thing as cloud security. Many businesses believe that cloud computing relies on dumping all of their data to an outside source, making the cloud inherently less secure than keeping all of it on site in their own servers.

Fact — Cloud computing doesn’t have to be completely external.

Although the perception is that cloud computing happens completely off site in all circumstances, the truth is that cloud computing can take many forms:

1. Public — all services are provided by the third-party cloud provider

2. Private — all services are managed internally by the organization

3. Hybrid — a mixture of public and private cloud solutions are utilized

More than half of all businesses using the cloud utilize a hybrid approach.

Myth No. 2 — Securing the cloud is the provider’s sole responsibility.

The myth that cloud computing involves pushing all data off site also gives rise to the myth that securing that data is completely the responsibility of the cloud provider. This idea makes many businesses squeamish about trusting cloud providers because they believe their own security protocols won’t be a factor.

Fact — You need to continue to focus on security internally.

Businesses using the cloud still have control over the security of their data on the cloud. Backing up data, establishing password policies and determining data management policies are among the many responsibilities still in the hands of the customer when using cloud computing solutions.

Myth No. 3 — Cloud breaches are more frequent.

Of course, because cloud computing is perceived by many businesses to be less secure than on-site servers, they also believe that there are far more breaches with cloud computing. This belief just feeds into the rationale that cloud computing is less secure, and so on and so on.

Fact — On-premise servers are more vulnerable to certain types of attacks.

Having all of your data on servers in your own building might feel more secure, but the truth is that it doesn’t matter where the server is physically. The level of security is what counts. In fact, studies have shown that on-site servers are more susceptible to certain types of cyber attacks, such as malware, that are far more common than other types of attacks.


Myth No. 4 — Cloud security is too difficult for anyone to maintain.

The idea that cloud security isn’t effective or even possible often drives companies to avoid using it in situations where they’d receive the most benefit from it. It also can lead to businesses operating with insufficient security on cloud applications, because they believe the proper level of security will hamper their business operations.

Fact — Cloud security is no more challenging than any other type of network security.

Even though the cloud is seen as something different from a typical network, the truth is that protecting the cloud is no more difficult than protecting a typical network — because in the end, that’s what the cloud really is. Cloud computing is little more than using a network that’s not maintained on site. The security issues facing the cloud are no more challenging than those facing on-site networks.


Myth No. 5 — You can’t find out what cloud providers are doing with your data.

Turning the management of data over to a third-party provider can be difficult for many businesses to do; they have fears about what will happen to their data or who will be able to access it. Because some businesses don’t believe the cloud provider can ensure their systems will be secure, they choose not to take what they perceive to be an extreme risk.

Fact — Cloud providers are still accountable for protecting data.

Businesses may feel that trusting the cloud means they are handing the keys to the kingdom to someone who can let just anyone in, but this is not necessarily true. Reputable cloud providers will be able to provide customers with audit logs that will identify everyone who has or had access to their data and provide proof of background checks, if requested.

About the author: Tom Cross is Chief Technology Officer for OPĀQ and co-founder/former CTO of Drawbridge Networks. Cross is credited with discovering critical security vulnerabilities in enterprise-class software, and has written papers on collateral damage in cyber conflict, vulnerability disclosure ethics, security issues in Internet routers, securing wireless LANs and protecting Wikipedia from vandalism.  


CISPE: “The European Commission is targeting the wrong players”

“Europe’s cloud infrastructure service providers are being asked to do the impossible: It’s like asking the power company to turn off a single light bulb in an apartment without shutting down the entire apartment block or city.”

Brussels, 27/11/2018

CISPE, the alliance of Cloud Infrastructure Services Providers in Europe, is raising major concerns about the scope of the European Commission’s proposed Regulation covering terrorist content online. CISPE believes the Regulation, which asks infrastructure providers to scan and monitor all enterprise data running across there services, is targeting the wrong players, slowing down their digital transformation and immediately bringing to a halt the protections of the General Data Protection Regulation (GDPR).

“CISPE and its members support the intention of the Regulation and already fully cooperate with judicial authorities and court orders to fight terrorism content,” says Alban Schmutz, CISPE Chairman and VPStrategic Development & Public Affairs, OVH. “However, including cloud infrastructure providers in the legislation means the wrong players are being targeted.”

“Unlike social media platforms, video and other online content sharing services that have control down to the most granular piece of content made available on their platforms by their users — these are the primary targets of the Regulation — cloud infrastructure providers have no control or access to the data stored by their customers, or over how and when such data is made available to the public.”

Cloud infrastructure users include corporations (banks, insurers, lawyers, transport, energy) and governments (public agencies, hospitals, law enforcement, etc.), that do not typically make content available to the public.

Indeed, infrastructure providers cannot even distinguish between what is “a piece of content” and what is not “a piece of content”.

If an infrastructure customer is hosting social media or a website sharing content from 1,000,000 users and one user uploads a piece of illegal content, like a photograph, the infrastructure provider would be forced shut down the entire social media service or website, which is simply not feasible.

Concerns also exist on the imposition of “automated proactive measures” (Article 6) to monitor or prevent uploads of terrorist content. For cloud infrastructure providers, this is simply not possible.

Moreover, if such technologies were developed in the future, infrastructure providers would be required to monitor all data entrusted to them by individuals, corporations and public institutions — even when such data is not available to the public.

Alban Schmutz adds, “Such measures would require accessing every single data owned by infrastructure customers – which could include law enforcement emails, sensitive intellectual property like design files of an aircraft, genomic databases, power plants operations and so on — therefore undermining the security and confidentiality of sensitive content that were never intended to be available to the public.”

CISPE believes that in its current form, the Regulation poses a serious threat to the core assets of cloud infrastructure customers (European industries, services and governments), thereby slowing down their digital transformation and immediately bringing to a halt the protections of the General Data Protection Regulation (GDPR) that only came into force six months ago.

CISPE is urging the legislators to clarify the scope of the proposed Regulation, to exempt cloud infrastructure services providers, and include rules that are clear, workable and proportionate.

CISPE Proposition

Search entire Blog

Subscribe Now

10,000 successful online businessmen like to have our content directly delivered to their inbox. Subscribe to our newsletter!