Cloud computing is becoming one of the most talked-about trends in IT today, which also means it’s one of the most misunderstood. Although there are numerous benefits for businesses to switch from hosting their own servers to using a cloud platform, many of them have refused to pull the trigger, even though it could save them millions. Cloud-based computing solutions have the potential to give businesses greater flexibility, reduce the need for expensive equipment, and streamline IT requirements. However, many businesses won’t take advantage for one simple reason: They fear that cloud computing is not as secure for their data as maintaining servers on site.
The belief that cloud computing is not as secure as on-site servers stems from a number of myths that have been floating around since the first cloud-based solutions were introduced. Businesses fear that by handing the keys to their information kingdom to a third-party provider, they would open themselves to all manner of risk — from greater vulnerability to hackers to untrustworthy providers selling their information without their knowledge.
Even though IT security should be at top of mind for businesses for good reason, many of the fears they have about cloud computing are based on bunch of myths.
Some of the most common myths about cloud security are presented on the following bullet points — along with the facts that dispel these myths.
Myth No. 1 — The cloud is inherently less secure than physical servers.
One of the most common misconceptions about cloud security is that there’s no such thing as cloud security. Many businesses believe that cloud computing relies on dumping all of their data to an outside source, making the cloud inherently less secure than keeping all of it on site in their own servers.
Fact — Cloud computing doesn’t have to be completely external.
Although the perception is that cloud computing happens completely off site in all circumstances, the truth is that cloud computing can take many forms:
1. Public — all services are provided by the third-party cloud provider
2. Private — all services are managed internally by the organization
3. Hybrid — a mixture of public and private cloud solutions are utilized
More than half of all businesses using the cloud utilize a hybrid approach.
Myth No. 2 — Securing the cloud is the provider’s sole responsibility.
The myth that cloud computing involves pushing all data off site also gives rise to the myth that securing that data is completely the responsibility of the cloud provider. This idea makes many businesses squeamish about trusting cloud providers because they believe their own security protocols won’t be a factor.
Fact — You need to continue to focus on security internally.
Businesses using the cloud still have control over the security of their data on the cloud. Backing up data, establishing password policies and determining data management policies are among the many responsibilities still in the hands of the customer when using cloud computing solutions.
Myth No. 3 — Cloud breaches are more frequent.
Of course, because cloud computing is perceived by many businesses to be less secure than on-site servers, they also believe that there are far more breaches with cloud computing. This belief just feeds into the rationale that cloud computing is less secure, and so on and so on.
Fact — On-premise servers are more vulnerable to certain types of attacks.
Having all of your data on servers in your own building might feel more secure, but the truth is that it doesn’t matter where the server is physically. The level of security is what counts. In fact, studies have shown that on-site servers are more susceptible to certain types of cyber attacks, such as malware, that are far more common than other types of attacks.
Myth No. 4 — Cloud security is too difficult for anyone to maintain.
The idea that cloud security isn’t effective or even possible often drives companies to avoid using it in situations where they’d receive the most benefit from it. It also can lead to businesses operating with insufficient security on cloud applications, because they believe the proper level of security will hamper their business operations.
Fact — Cloud security is no more challenging than any other type of network security.
Even though the cloud is seen as something different from a typical network, the truth is that protecting the cloud is no more difficult than protecting a typical network — because in the end, that’s what the cloud really is. Cloud computing is little more than using a network that’s not maintained on site. The security issues facing the cloud are no more challenging than those facing on-site networks.
Myth No. 5 — You can’t find out what cloud providers are doing with your data.
Turning the management of data over to a third-party provider can be difficult for many businesses to do; they have fears about what will happen to their data or who will be able to access it. Because some businesses don’t believe the cloud provider can ensure their systems will be secure, they choose not to take what they perceive to be an extreme risk.
Fact — Cloud providers are still accountable for protecting data.
Businesses may feel that trusting the cloud means they are handing the keys to the kingdom to someone who can let just anyone in, but this is not necessarily true. Reputable cloud providers will be able to provide customers with audit logs that will identify everyone who has or had access to their data and provide proof of background checks, if requested.
About the author: Tom Cross is Chief Technology Officer for OPĀQ and co-founder/former CTO of Drawbridge Networks. Cross is credited with discovering critical security vulnerabilities in enterprise-class software, and has written papers on collateral damage in cyber conflict, vulnerability disclosure ethics, security issues in Internet routers, securing wireless LANs and protecting Wikipedia from vandalism.