Is the cloud secure?
This is literally the most-asked question in the industry: we asked 900 senior IT decision makers from across Europe to list their top IT challenges and security is their number one IT challenge.
In fact, it’s actually the accessibility of data, rather than its location that has the biggest impact of security.
Cyberattacks are opportunistic…anything that can be accessed externally has a more or less equal chance of being attacked. Alert Logic, in their Fall 2012 State of Cloud Security Report, found that web app-based attacks hit IT services provider environments about as often as on-premises environments (53 per cent versus 44 per cent, respectively).
Interestingly, on-premises users and customers actually experienced more incidents than those using cloud providers (61.4 attacks on average, versus 27.8, respectively), suggesting the cloud providers have the edge over on-premises teams when it comes to holding off attacks.
Ultimately, a sound security strategy – and adequate resources to back it up – is the key differentiator in any security scenario. Not whether or not the cloud is involved.
So why does the myth that the cloud is inherently insecure persist?
Because people often equate security with perceived control. With on-premises, if a mission-critical app goes awry, then you can drag yourself out of bed at 3 in the morning and go in and fix it. Therefore you have control and everything is secure. You might go insane micromanaging every problem under the sun. But you have control.
But, all other things being equal, there’s no reason to believe that just because the servers are under your roof – as opposed to someone else’s – they actually are more secure.
They just feel less secure. It’s a cognitive trick we play on ourselves.
In fact, the size, resource and expertise that cloud providers enjoy can add up to considerable security benefits for their customers. A well-staffed provider with years of built-up security expertise is likely to be in a better position than an under-resourced in-house IT team to provide security. They’ll also be familiar with the ins and outs of compliance and legal concerns.
Not to mention the fact that cloud providers – who make a living building secure cloud-based platforms for enterprises – typically focus more on security and governance than those who build systems that will exist inside firewalls.
What’s more, a service provider should be able to provide best-of-breed connectivity as well as disaster recovery and business continuity options. Leveraging their investments and combining cloud, disaster recovery and connectivity into a single package can actually enhance security, whilst reducing overall costs.
As every year goes by, the myth of the insecurity of the cloud gets weaker and weaker. Entire companies are now housed in the public cloud – this would have been unthinkable ten years ago. So get in touch with our experts to see how you can enhance the security of your business.