Tags


Latest Posts


Latest Comments


Authors

Busting cloud myths

stuart-brown.jpg

Posted by |

Concerns about cloud computing are common among the CIO community, particularly when it comes to potentially losing control over data. Our Journey to the Cloud research supports this, having found that data loss and theft are the third and fourth biggest concerns respectively for IT managers moving to the cloud. Switching to a wholly different IT infrastructure can naturally bring about fears that you’re more vulnerable to an attack. But from conversations I’ve had with customers, many of these fears are unfounded. There can be little separation between myth and fact, which is worrying given that it could be holding back some organisations from moving towards cloud services.

It’s time to eradicate what I’ve found to be the most common myths about cloud. Here’s my top three that need to be busted:

  • Myth 1: Customers in the same cloud could attack each other

    In reality, the hypervisor layer where primary separation occurs within cloud services is extremely difficult to attack. Other multi-tenant controls are generally understood and can be robustly implemented by the CSP.

  • Myth 2: Cloud services are more prone to external attack

    Data breach through account hi-jacking, unsecure application performance interfaces (APIs) and attacks can affect an enterprise or CSP to equal effect. The security ‘zone’ model can be effectively deployed with next generation firewalls that have ultra-high performance and low latency. These firewalls can implement encryption, strong authentication, and protect against web and cyber threats.

  • Myth 3: You can’t guarantee service assurance in the cloud

    Data residency is a key concern along with resolving potential service level agreements (SLAs) and legal disputes. Assessing the provider’s capability in the crucial aspects of security certifications, SLA assurance and backup and disaster recovery capabilities is vital. For these customers, a CSP that operates in the same country as them can give them the assurance they need.

A sound overall framework such as ISO27001 will guide your security approach and the creation of security ‘zones’ within your enterprise architecture. A risk-based approach is vital to protect the interaction between these zones, and you should decide on the controls needed between them, as well as access controls for different types of users. There are risks to cloud security from both the CSP’s and organisation’s side, so a joint responsibility is key.

If you’re still not convinced that cloud computing is a safe environment, consider the measures you can take as an organisation to reinforce security. In fact, Gartner predicts that by 2020, 95% of cloud security failures will be due to error from the organisation itself, rather than the CSP. It might feel natural to first consider the cloud service provider (CSP) as an instigator of security threats, but the truth is that without careful management, the customer can present risks too. It’s a common mistake for organisations to fail to assess the full end-to-end security model needed to protect cloud-based services. Typically, customers trust the cloud providers’ security model and pay less attention to their own information assets. Or conversely, they focus on their own data security in the cloud, without fully assessing the risks or access control challenges. The answer lies in developing one security framework for all information assets whether they are cloud or on-premise based. Unifying all security can help achieve collaboration not only between management tools, but between the supplier and the organisation to forge a stronger relationship.

Comments

 

Post a comment

Comment submitted! Comments needs approval before being displayed.