While organisations have long been aware of cloud’s ability to reduce costs and increase agility, industry commentators have debated whether cloud is secure enough to hold sensitive or private information.
The key issues in the debate have been: whether cloud services are more easily compromised than on-premise infrastructure; and where the data is stored for legal purposes, also known as data sovereignty.
As the debate has continued, cloud technology has leapt forward, particularly in terms of security. Unfortunately, this has coincided with a number of high-profile security breaches; notably the iCloud hack in 2014 that resulted in the release of private images of celebrities.
Ironically, most security breaches affect on-premise databases as opposed to cloud-based services. Yet, because moving information and workloads to the cloud means it physically leaves the organisation’s premises, many fear that makes it inherently less secure.
In fact, the cloud can offer even better security than on-premise systems, depending on the cloud provider’s security approach.
While many believe it is more difficult to secure information in the cloud, the opposite is true for a number of reasons. First, technology security products such as threat or intrusion detection, firewalls, and antivirus work just as well in the cloud as they do on-premise. Second, the potential for disgruntled or malevolent employees to damage the organisation is reduced. This is because they cannot gain physical access to the data in the same way they could if it was stored on-site.
Third, and perhaps most importantly, cloud providers are well aware of the misconceptions around security and take active steps to alleviate concerns. Their data centres are usually independently-audited and they must comply with strict regulations. A significant security breach could spell a cloud provider’s demise, as their entire reputation relies on providing a secure service. This is a powerful incentive for providers to harden their security postures.
Individuals have entrusted personal information to cloud-based apps for years. Organisations such as Facebook, Gmail, Dropbox, and Skype all contain sensitive personal details that present an attractive target for cyber criminals. Yet people continue to use these services because they’re convenient and relatively powerful. They offer much greater functionality and storage capabilities than a standalone device, such as a smartphone, could provide. As individuals, we readily acknowledge that Google and their counterparts are much better at protecting our data than we are.
Similarly, organisations should entrust enterprise applications and services to cloud providers. Shifting as much of the company infrastructure as possible to the cloud lets internal IT teams focus on innovation and development, two areas that are sorely needed in an age of intense competition and limited resources…Click HERE to find out more about this article