Fears over the security of the cloud have prompted thought leaders in the IT industry to invest a lot of time publicising the fact that cloud can actually be more secure than onsite servers. It seems counterintuitive and you can see why such a statement could be met with scepticism, so how exactly can the cloud be more secure?
The cloud offers a lot of technical advantages that on-site servers might not, including:
- Flexibility and swift migration: you can quickly remove or reimage all software from one server in the cloud to another server which significantly improves disaster recovery efficiency.
- Security across the board: security as a service means security can be built into every system, application and server rather than having to build it into each application individually.
- Tools like encryption can be used in the cloud to protect all systems and data end-to-end.
- Cloud apps tend to be newer, are not appliances and are therefore easier to patch, unlike old, legacy apps that are no longer supported or weren’t really built with security in mind which are easier to hack.
Most Cloud experts agree though, that there’s not either/when it comes to the security of the cloud versus onsite servers and it depends how each is used.
Security isn’t about location
A lot of people assume that a server held on the cloud is vulnerable because it can be accessed more easily via the internet, and once it’s hacked – that’s it, there’s no back-up. Firstly, most cloud drives do offer back-up, and secondly, a local datacentre can be just as vulnerable as a cloud server mainly because most hacks are opportunistic, and anything that can be accessed from the outside has equal chance of being targeted.
In fact, Alert Logic’s Fall 2012 State of the Cloud Security Report demonstrated that the cloud has experienced fewer security incidences than traditional alternatives. The key findings were:
• When compared to traditional in-house managed IT environments, service provider environments show lower occurrence rates for every class of incident examined.
• Service provider customers experienced lower threat diversity (i.e., the number of unique incident classes experienced by a customer) than on-premise customers.
• On-premise environments were twelve times more likely than service provider environments to have common configuration issues, opening the door to compromise.
• While conventional wisdom suggests a higher rate of Web application attacks in the service provider environment, Alert Logic found a higher frequency of these incidents in on-premise environments.
When you use the cloud you’re putting your trust in an external service provider to protect your data. That can seem like a risk, but if you’re using a reputable service provider then it’s actually likely to enhance your security. As Vivek Kundra puts it (former federal CIO of the United States):
“Cloud computing is often far more secure than traditional computing, because companies like Google and Amazon can attract and retain cyber-security personnel of a higher quality than many governmental agencies.”
SMEs that have the expertise to offer cloud drives are also likely to have in-depth knowledge and a wealth of experience which only enhances the security offered by the cloud.
Who know the risks
What’s more, these experts are well aware of the general scepticism which cloud security can be greeted with and so know how damaging one security glitch could be. The result? Meticulous attention to security is paid and providers tend to go the extra mile because, at the moment, they have to in order to sell their service.
Your business is already using the cloud
So if you go to a decent service provider you can trust that they’ll be providing security above and beyond the call of duty. The problem is if you try and ignore cloud computing, because you’re employees are probably already using it.
Dropbox, Gmail, even social media used in certain ways can count as the cloud and if you don’t take proper precautions and set up boundaries for your work-force you end up with the risk of a kind of “shadow IT” where employees are accessing data on their phones and tablets which could easily be insecure.
Accepting that cloud computing is here, legitimising it and therefore gaining control over how workers pass around and access data will make sure it is thoroughly protected.
Overall cloud isn’t inherently more secure, but the fact that it is innovative and is at the forefront of IT developments actually makes it a more secure option than older, outdated solutions. Of course, often a hybrid solution between the cloud and on-site data is the ideal solution for businesses and there’s no reason you have to pick between the two. The best way to guarantee proper security is to go to a reputable provider.