Is cloud computing secure?

Over the past decade, one of the most game-changing innovations has been the advent of cloud computing. The shift from traditional on-premises applications and data storage to the cloud is well underway, with individuals, small and midsize businesses, and even large enterprises entrusting their data and applications to this technology. However, a recurring question lingers – is it truly secure? Cloud computing safety is a paramount concern for those considering this technology, and for IT managers, vigilance is essential. The potential losses from cybercrime and attacks are staggering, with the 2008 CSI Computer Crime and Security Survey revealing an average annual loss of just under $300,000.

Placing your valuable data and applications in the cloud, entrusting cloud computing safety to a third party, might seem like a leap of faith. However, faith should play no part in this equation. Every business must ensure the security of its data and applications. The question of cloud computing safety must be addressed with precision.

The reality is that the cloud offers several security benefits. According to NIST (National Institute of Standards and Technology), these cloud computing safety advantages include:

Shifting public data to an external cloud reduces the exposure of internal sensitive data.

Cloud homogeneity makes security auditing/testing more straightforward.

Clouds enable automated security management.

Redundancy and Disaster Recovery.

All four points are valid. Cloud providers inherently tend to incorporate rigorous cloud computing safety as part of their business models, often more than an individual user would. The key here is that they deploy the precautions that individual companies should but often don’t.

A Common Security Model

Most software providers impose some level of security with their applications. However, when cloud application providers implement their proprietary approaches to cloud computing safety, concerns arise regarding international privacy laws, data exposure to foreign entities, stovepipe approaches to authentication and role-based access, and leaks in multi-tenant architectures. These security concerns have hindered the adoption of cloud computing technology, although they need not be a problem.

The very nature of a cloud platform is that it imposes a set of common software components that developers can use to enhance their applications without having to build them from scratch. This is especially beneficial in the realm of security. The cloud “platform as a service” offers an elegant solution to the security challenge by implementing a standard security model to manage user authentication and authorization, role-based access, secure storage, multi-tenancy, and privacy policies. Consequently, any SaaS application running on the common platform immediately benefits from the platform’s standardized and robust security model.

Enhanced Physical Security by Cloud Computing Providers

Lack of physical security is a significant cause of loss, with insider attacks accounting for a surprisingly large proportion of these losses. While the threat of external hackers is very real, often, the “black hat” is, in reality, a trusted employee. It’s the person from the Accounting department with whom you have lunch. It’s the colleague who brings you coffee in the morning and always remembers you take two sugars. It’s the recent college graduate with so much potential who did an excellent job on that last report.

Of course, insiders can attack your network and data from anywhere, given enough incentive and information. However, physical proximity to the actual hardware and data makes it much easier to gain access. Cloud data centers tend to have better internal physical security protocols, including locked rooms, regulated access, and other protections against physical theft and tampering.

Conclusion: Advanced Security via the Cloud

In addition to physical security, technical security is of the utmost importance. Hosting your own servers and applications requires additional measures. A larger organization might need to deploy dedicated IT staff for security alone. Cloud computing, on the other hand, embeds cloud computing safety directly into the cloud platform. While the company must still maintain in-house security to some extent, the provider ensures that applications and data are protected from attacks.

We often assume that maintaining control over everything is inherently safer, which is not always the case. Smaller companies, in particular, may lack expert security staff in-house, and even larger corporations often lack the resources to dedicate to implementing rigorous security continuously. In contrast, a cloud computing provider that offers a comprehensive service level agreement and retains expert security staff in-house will typically provide advanced security compared to the in-house alternative.

Leave a Comment