Is cloud computing really safe?

clock
Is cloud computing really safe?

In this sponsored opinion piece, Webroot's senior manager of threat research David Kennerley, examines the safety issues around moving to the cloud

Recently, I was asked for my views on cloud computing and the security concerns around it. Are these concerns well-founded, and should they prevent companies from moving to cloud-based technologies?

First, it's important to note that many businesses, large and small, have moved to the cloud in recent years, and have enjoyed great success and excellent ROI. As with any technology, there are many valid reasons both for and against its use, and security will always be the main deterrent to cloud computing adoption. There are a lot of security myths about cloud computing.

The biggest misconception is that, upon adopting cloud usage, your data will no longer be as safe as it would be with an on-premise approach, locked away behind the corporate firewall. But this is backward thinking; the corporate firewall can no longer be seen as some all-powerful gatekeeper.

Other myths I've encountered:

• "My business doesn't even use the cloud." We live in a world where so-called Shadow IT is now the norm. Files are being shared, new collaboration and messaging tools are being used. Whether they realize it or not, everyone is using the cloud in some way. That's why it's so important that IT get involved.

• "The cloud isn't secure. You are more likely to be breached." There is no evidence to support this and the large proportion of the major security breaches of 2015 occurred because data on on-premises servers was stolen. Physical control of data doesn't not make it inherently more secure. If you apply the same level of due diligence to securing the cloud as you would internal resources, then the same level of protection should be expected. Don't forget: the CIA use AWS.

• "Cloud tenants can spy on each other." Although tenants within a public cloud share the same processing, storage, and other computing resources and services, they are separated by very robust virtualisation technologies. While many areas of cloud computing may lack maturity, the strong virtualisation, isolation, and partitioning technologies available are not among them. If you experience a breach, the likelihood that it was due to vulnerabilities in the underlying technology is shrinking by the day.

• "The cloud security debate is simple." This is the biggest myth regarding cloud security, and it is difficult to address. To determine how secure a cloud solution is as compared to a non-cloud deployment solution, we need to take in to account so many variables. These variables depend on the size of the organisation, the nature of the business, expertise of in-house staff, risk tolerance, budget/turnover—and that's only the beginning.

As public cloud services continue evolve and mature, we will continue to see fewer security incidents related to the underlying technology. A Gartner Top 10 prediction for 2016 suggests 95 per cent of cloud security failures through 2020 will be due to customer actions. This highlights what many security experts are already saying: it's not the technology at fault. It's the implementation, the maintenance, the reporting, and the incident response that need to improve.

IT departments need to take a lead role in how cloud computing is utilised, managed and, most importantly, secured. With dwindling support for the more traditional in-house services, it's essential that new cloud offerings receive at least the same as the previous amount of support and management. Previous IT service management processes still need to be applied.

Instead of fearing the worst, CIOs need to be the leaders of this computing evolution—enhancing their businesses through well-balanced and highly considered decision-making. The needs of every potential cloud customer are different; as is the level of technical expertise required of the IT and security staff charged with keeping company data secure.

That's why potential decisions need to be well-researched. The technology is only part of any solution; additionally, you have to consider planning, implementation, and the controls and monitoring to leverage the solution to its full potential and benefit the business accordingly.

Both cloud service providers (CSPs) and enterprises are entering into a mutual agreement. The enterprise must be aware of what the CSP is providing, as well as where the line is between the responsibilities of the CSP and those of the customer. This needs to be clearly documented and accepted.

Enterprises also need to take the time to understand how and where their data is stored; although in the cloud, it is still physically stored somewhere. The maturity of the CSP and, in some cases, even the CSP headquarters location are important as well. Businesses must ask what access controls and validation are in place; what happens if there is a breach; what is the disaster recovery plan; etc.

Ultimately, the most important thing to remember is that it's your data and you are responsible for securing it. When adopting cloud technology, you need to understand the breadth of services available, the full needs of your business, and, perhaps most importantly, exactly what you're protecting your data from.

Malware and data theft techniques change daily, even hourly. To protect your data, you need to select next-generation solutions that can adapt to suit increasingly diverse endpoints across an increasingly diverse internet landscape—and you need to understand the malware trends that could affect your business.

Get More Info Want to find out if Webroot has what it takes to protect your customers? See for yourself with a no-risk FREE trial.

You don't even have to uninstall existing security. Are you an MSP? If so, our Endpoint Protection with Global Site Manager (designed with MSPs in mind) is the trial for you! Click here.

More on Security

Partner Content: Making Zero Trust work for your customers

Partner Content: Making Zero Trust work for your customers

Lookout discuss how in a remote-first work environment, organisations require a modern Zero Trust architecture that is intelligent.

Lookout
clock 23 November 2021 • 3 min read
Industry Voice: "The only constant in life is change*", and no more so than in the last 18 months

Industry Voice: "The only constant in life is change*", and no more so than in the last 18 months

We've seen a monumental change in how we buy, work, and communicate, and more change is afoot…

Gamma
clock 16 November 2021 • 4 min read
Microsoft warns resellers and MSPs of threat from hacking group behind SolarWinds attack

Microsoft warns resellers and MSPs of threat from hacking group behind SolarWinds attack

Tech giant claims it has seen a wave of activity from Nobelium since the summer

clock 26 October 2021 • 2 min read

Highlights

CRN A-Listers reveal which tech figurehead impressed them the most this year

CRN A-Listers reveal which tech figurehead impressed them the most this year

Which industry icons were the most favourably looked upon by the UK’s channel elite in 2021?

Josh Budd
clock 26 November 2021 • 2 min read
WATCH: ANS Group CEO on Inflexion deal, next major milestones for the business and personal highlights from 2021

WATCH: ANS Group CEO on Inflexion deal, next major milestones for the business and personal highlights from 2021

Recipient of the Industry Achievement Award at this year’s CRN Channel Awards, Paul Shannon talks about the future of the business after the Inflexion deal and merging with UKFast

Josh Budd
clock 26 November 2021 • 1 min read
Softcat launches hybrid working policy with 'slight bias to office'

Softcat launches hybrid working policy with 'slight bias to office'

'You could interpret it as 2.6 days a week. Most people interpret it as three days a week," CEO Graeme Watt says of new policy implemented since beginning of 1 November

Doug Woodburn
clock 25 November 2021 • 2 min read