Is cloud computing really safe?

clock • 5 min read

In this sponsored opinion piece, Webroot's senior manager of threat research David Kennerley, examines the safety issues around moving to the cloud

Recently, I was asked for my views on cloud computing and the security concerns around it. Are these concerns well-founded, and should they prevent companies from moving to cloud-based technologies?

First, it's important to note that many businesses, large and small, have moved to the cloud in recent years, and have enjoyed great success and excellent ROI. As with any technology, there are many valid reasons both for and against its use, and security will always be the main deterrent to cloud computing adoption. There are a lot of security myths about cloud computing.

The biggest misconception is that, upon adopting cloud usage, your data will no longer be as safe as it would be with an on-premise approach, locked away behind the corporate firewall. But this is backward thinking; the corporate firewall can no longer be seen as some all-powerful gatekeeper.

Other myths I've encountered:

• "My business doesn't even use the cloud." We live in a world where so-called Shadow IT is now the norm. Files are being shared, new collaboration and messaging tools are being used. Whether they realize it or not, everyone is using the cloud in some way. That's why it's so important that IT get involved.

• "The cloud isn't secure. You are more likely to be breached." There is no evidence to support this and the large proportion of the major security breaches of 2015 occurred because data on on-premises servers was stolen. Physical control of data doesn't not make it inherently more secure. If you apply the same level of due diligence to securing the cloud as you would internal resources, then the same level of protection should be expected. Don't forget: the CIA use AWS.

• "Cloud tenants can spy on each other." Although tenants within a public cloud share the same processing, storage, and other computing resources and services, they are separated by very robust virtualisation technologies. While many areas of cloud computing may lack maturity, the strong virtualisation, isolation, and partitioning technologies available are not among them. If you experience a breach, the likelihood that it was due to vulnerabilities in the underlying technology is shrinking by the day.

• "The cloud security debate is simple." This is the biggest myth regarding cloud security, and it is difficult to address. To determine how secure a cloud solution is as compared to a non-cloud deployment solution, we need to take in to account so many variables. These variables depend on the size of the organisation, the nature of the business, expertise of in-house staff, risk tolerance, budget/turnover—and that's only the beginning.

As public cloud services continue evolve and mature, we will continue to see fewer security incidents related to the underlying technology. A Gartner Top 10 prediction for 2016 suggests 95 per cent of cloud security failures through 2020 will be due to customer actions. This highlights what many security experts are already saying: it's not the technology at fault. It's the implementation, the maintenance, the reporting, and the incident response that need to improve.

IT departments need to take a lead role in how cloud computing is utilised, managed and, most importantly, secured. With dwindling support for the more traditional in-house services, it's essential that new cloud offerings receive at least the same as the previous amount of support and management. Previous IT service management processes still need to be applied.

Instead of fearing the worst, CIOs need to be the leaders of this computing evolution—enhancing their businesses through well-balanced and highly considered decision-making. The needs of every potential cloud customer are different; as is the level of technical expertise required of the IT and security staff charged with keeping company data secure.

That's why potential decisions need to be well-researched. The technology is only part of any solution; additionally, you have to consider planning, implementation, and the controls and monitoring to leverage the solution to its full potential and benefit the business accordingly.

Both cloud service providers (CSPs) and enterprises are entering into a mutual agreement. The enterprise must be aware of what the CSP is providing, as well as where the line is between the responsibilities of the CSP and those of the customer. This needs to be clearly documented and accepted.

Enterprises also need to take the time to understand how and where their data is stored; although in the cloud, it is still physically stored somewhere. The maturity of the CSP and, in some cases, even the CSP headquarters location are important as well. Businesses must ask what access controls and validation are in place; what happens if there is a breach; what is the disaster recovery plan; etc.

Ultimately, the most important thing to remember is that it's your data and you are responsible for securing it. When adopting cloud technology, you need to understand the breadth of services available, the full needs of your business, and, perhaps most importantly, exactly what you're protecting your data from.

Malware and data theft techniques change daily, even hourly. To protect your data, you need to select next-generation solutions that can adapt to suit increasingly diverse endpoints across an increasingly diverse internet landscape—and you need to understand the malware trends that could affect your business.

Get More Info Want to find out if Webroot has what it takes to protect your customers? See for yourself with a no-risk FREE trial.

You don't even have to uninstall existing security. Are you an MSP? If so, our Endpoint Protection with Global Site Manager (designed with MSPs in mind) is the trial for you! Click here.

You may also like
Cloud to become business necessity by 2028 - Gartner

Research

Global public cloud services spending is set to total $679bn in 2024

clock 29 November 2023 • 2 min read
Tackling the gender gap in AI - Gavriella Schuster

Vendor

In this opinion piece, the former Microsoft global channel chief, and chairwoman of the advisory board at Artificial Solutions, explains what more can be done on this issue

clock 25 November 2022 • 4 min read
German cybersecurity awareness firm SoSafe expands Channel Program across Europe

Vendor

The vendor's head of international partnerships, Dao Tran, talks partner strategy and having a resilient approach to cybersecurity threats in the market

clock 08 November 2022 • 7 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Vendor

Juniper's European channel director talks revamped partner programme

Juniper's European channel director talks revamped partner programme

The programme refresh banks heavily on services through new designations, an advisor focus and enhanced GTM capabilities

clock 15 March 2024 • 2 min read
Zscaler completes buy of cybersecurity start-up Avalor to boost AI data capabilities

Zscaler completes buy of cybersecurity start-up Avalor to boost AI data capabilities

Zscaler CEO Jay Chaudhry said the vendor can "more effectively identify vulnerabilities, while predicting and preventing breaches" with the deal

Mark Haranas
clock 15 March 2024 • 2 min read
Top 3 investment priorities for EMEA channel partners in 2024

Top 3 investment priorities for EMEA channel partners in 2024

Channel leaders outline key investment priorities to drive profitability, customer success

Andrea Gaini
clock 15 March 2024 • 4 min read

Highlights

Staff & Salaries 2022

Staff & Salaries 2022

A snapshot of pay and headcount trends in the UK channel

Doug Woodburn
clock 09 March 2022 • 1 min read
Midwich CEO on Nimans acquisition, 2021 results and return to pre-pandemic levels

Midwich CEO on Nimans acquisition, 2021 results and return to pre-pandemic levels

Stephen Fenby talks to CRN after Midwich’s 2021 results in which profitability exceeded pre-pandemic levels

Josh Budd
clock 08 March 2022 • 3 min read
4 more vendors suspend sales in Russia following Ukraine invasion

4 more vendors suspend sales in Russia following Ukraine invasion

IBM and Microsoft are among a number of vendors which have also announced that they will halt sales in Russia following the invasion of Ukraine.

clock 08 March 2022 • 3 min read