Whilst we all agree that the benefits are clear, the path to cloud or even multicloud, is not. Cloud Security decisions are often fuelled by fear, out of date misconceptions and the ‘perilous unknowns’!
We should assume cloud providers are secure, but that doesn’t mean we can abdicate our operational responsibilities as part of the overall solution: The cloud provider is responsible for a secure cloud service, although companies need to ensure their environment is configured with a “security-first mindset,” and a well-defined approach to how they manage sensitive data.
What’s your favourite Cloud Security myth? We have a few, but let’s look at three we see on a regular basis and how best to reset perceptions: -
#1 CLOUD = TOTAL DISASTER RECOVERY FOR MY ENVIRONMENT
There is a line of thought that the cloud never fails. The story goes that the vendor is responsible for all infrastructure and its recovery, in the event of a failure. The vendor community don’t help themselves when they quote 99.5% uptime figures. Although, these figures are true for the cloud service, it’s important for IT teams and non-IT stakeholders alike, to understand this doesn’t include their endpoints or links to legacy systems They can’t just off-load the management and security of their connected environment in this way.
We’d suggest a discussion around ‘It’s there, but it’s still ours to protect’ within the business. A multi-layered approach to cloud strategy can also bring further resilience. To minimize cloud risks, organisations should aim for a security strategy across on-premise and multiple clouds in order to ensure a comprehensive approach to detection, response and remediation.
#2 MORE CLOUDS – MORE PROBLEMS!
This whopper of a myth centres on the fact that with the increasing complexity of multiple clouds, there is a greater risk of security issues. Geographical storage location of data is a justifiable concern, particularly for businesses dealing with confidential records, but is more than manageable, if compliance is critical to the business.
Often, it comes down to a question of management. As a comparison, we often ask customers to think about the problems associated with adding more servers to their on-premise infrastructure, and how they alleviate these operational concerns – the same applies in the cloud!
#3 THE CLOUD IS JUST UNSAFE
That cloud security is simply unsafe, is probably the biggest myth out there. For non-IT people or those seeing off-premise security solutions for the first time, it’s hard to believe that data stored beyond their physical reach can actually be safe.
In fact, storing data on-site on your own servers isn’t always the best way to protect it. The best form of defence comes from strong governance, strict access rights and diligent data monitoring - all of which can be deployed and maintained with cloud storage.
HOW TO ENSURE TRANSPARENCY FOR CLOUD SECURITY
It’s important to look for a holistic view of application modernisation — not just digitising a few applications at a time. A Security-first approach, with the right services partner, can stop these issues and myths hampering business success in the long-term. Relieving you from the burden of having to optimise your applications and infrastructure as a reaction to issues, improving the management of day-to-day operations, and maintaining your security posture.