Cloud Security Myths

Posted on

Jonha Revesencio writes for The Huffington Post, “In everyday language, “cloud” suggests something porous, and the word “cloudy” means murky and nebulous. The very term, in addition to the complexity of subjects like virtualization, makes cloud computing a tough concept for non-IT people.” She also recognizes that because the technical pieces of the cloud can be hard for business to understand it can also lead to increased fear that the cloud is unsafe especially in light of the numerous data breaches in the news in recent years. Ms. Revesencio suggests that IT help “debunk” these common cloud security myths.

Start with the common misconception that “cloud environments are easier to attack.” Not true, security depends largely on the processes and procedures you have in place – whether that is on-premise or in the cloud. Ms. Revesencio points out that a cloud service provider needs to itself have top-of-the-line security measures in place in order to gain and keep its clients’ business. If you are in a small company with limited IT resources, chances are that many cloud providers will have much more advanced security practices in place and more expertise to draw on to stay up-to-date. To sum it up, the cloud is not more or less vulnerable than your internal systems, what matters are the protections and processes that you have in place to prevent data security threats.

Next myth – you can’t control where data lives in the cloud. Ms. Revesencio writes, “knowing where your data lives requires transparency from your provider. You should know where your data travels and how it’s protected both at rest and in transit.” If you are global company with data traveling around the world you still have responsibility for knowing where it is and how it is handled and what regulations need to be followed. Ms. Revesencio notes that  many times a global cloud service provider can provide better transparency than piecing together a network of local providers.

Finally, some people may think it is easy for “cloud tenants” to spy on each other.  Even though public cloud banks on shared resources, Ms. Revesencio points out that “virtualization provides strong partitions between tenants.” Companies should instead define what data provides a competitive edge and what data is not as sensitive. The very essential information could be stored on a private cloud whereas other less sensitive data could be stored in the public cloud.

What cloud security myths do you commonly run into?