Over the past year, the issue of cloud services and network security has received an enormous amount of media coverage, and rightfully so. Data breaches can have a devastating impact, not only on a company's bottom line, but also in terms of customer retention and brand loyalty. In fact, according to a recent survey by SafeNet, 65% of adult consumers are unlikely to do business again with a company after a financial data breach.
At the same time, leading cloud services providers -- like Microsoft, Cisco, and HP -- continue to expand their portfolios and market share of cloud-based offerings. Then again, earlier this year, a survey of CIOs and senior-level IT personnel noted that more than 70% of them cited security concerns as the biggest deployment hurdle for cloud-based services.
The fact of the matter is: Unless a network is completely isolated, it has potential security challenges. Perhaps the most fundamental question is whether cloud services are inherently less secure than on-premises networks or applications. So it's worth taking a closer look at what some of the top-level concerns are, and whether they are justified.
Lack of control/shared resources
Many organizations are simply not yet comfortable with turning over control of certain aspects of their hardware/software, along with sensitive customer information, to a third-party platform. Oftentimes this is rooted in concerns around process controls. For example, do issues get resolved with the same sense of urgency as they would in-house? Or, do I have the same ability to control who's managing my datacenter?
These questions go hand-in-hand with reservations about shared infrastructure and equipment. Most cloud services are structured in a multi-tenant environment. That can cause concern around partitioning and data control, and about the risk of an unauthorized person inadvertently or maliciously gaining access to private data.
Trust and security
When your IT systems are in-house, under strict regulations and protection, there is an obvious sense of security. Decision-makers know that their IT staff has been vetted and can be trusted when dealing with highly sensitive customer data. When it comes to the cloud, however, there isn't the same level of transparency. Someone completely unknown is now managing your datacenter.
Naturally, this raises concerns around ethical standards and security control procedures on the part of the cloud provider. Therefore it's more important than ever for organizations to do their homework when migrating to the cloud. If a service can't satisfy basic security expectations, not to mention the more stringent requirements (such as HIPAA and PCI DSS), then obviously it can't even be considered.
As discussed above, when it comes to cloud security, most organizations need to concentrate on three key areas of concern:
- Is my data safe?
- Is my data safe from other tenants?
- Is my data safe from the cloud provider itself?
In my next post, we'll take a look at how and when cloud-based services can actually be more secure than on-premises deployment, while eliminating costs and complexity.