3 myths about cloud and security
20th December 2018
Businesses regularly ask whether transition to the cloud is secure. The question is understandable, as there has been a lot of fear, uncertainty and doubt across the industry over the past few years.
Gartner thinks that cloud computing, by its very nature, is uniquely vulnerable to the risks of myths. So here are some common statements against cloud, and why they are better classified as myths than truths.
1. Cloud is riskier than traditional IT
An organisation’s infrastructure isn’t necessarily more secure just because it is located on-premise. Data breaches, data loss, account hijacking and denial of service attacks have been concerns since the invention of the mainframe computer back in the 1960s.
And while it is true that improperly configured cloud resources can result in these types of vulnerabilities, the same can be said of improperly configured physical infrastructure.
The key to a secure cloud implementation is working with a competent, experienced provider that makes investing in the strongest forms of networking security, intrusion detection and monitoring services core to their business.
In many cases, the security controls an experienced provider can handle may go well above and beyond an in-house IT team’s capabilities.
2. You can’t control where your data resides in the cloud
Heavily regulated industries such as healthcare and finance have controls that dictate where personally identifiable information (PII) and protected health information (PHI) can reside.
For these types of organisations, it may be (incorrectly) assumed that cloud isn’t a viable option due to the assumption that the location of data cannot be controlled. This cloud myth is easily discredited by understanding that organisations can choose to work with a provider that operates out of specific data centres in specific geographic regions.
Highly regulated organisations can also leverage a private cloud deployment model that provides them with increased control and governance versus the public cloud.
3. The cloud is not suitable for compliant workloads
Organisations with compliant workloads can still leverage the cloud, but a private or hybrid cloud deployment model may be better suited to their needs. A private cloud allows organisations to enjoy the flexibility and scalability benefits of the cloud, while still keeping data secure and in their control.
A hybrid model provides the added benefit of being able to “burst” to a public cloud for non-compliant workloads such as development and testing.
Source: Information age