There is a common misconception that companies that transition to the public cloud are forced to make compromises on security. While there have certainly been cases where companies have made mistakes that have led to the exposure of data, it does not mean the public cloud is not secure. Just as with on-premises IT solutions, it is the responsibility of a company to ensure appropriate security measures are implemented.
CloudHealth Technologies, the leading provider of cloud optimization and management solutions, has recently debunked some of the myths about cloud security and has explained that rather than on-premises IT solutions being more secure than public cloud deployments, the reverse is true. The public cloud can be more secure than on-premises IT.
That view is shared by Vivek Kundra, the first federal CIO of the United States, who served between March 2009 and August 2011. Kundra wrote an Op-Ed for the New York Times in which he explained how his department implemented a ‘cloud first’ policy in 2010 after discovering the huge inefficiencies in the $80 billion federal IT budget. In that piece, Kundra said, “Cloud computing is often far more secure than traditional computing, because companies like Google and Amazon can attract and retain cyber-security personnel of a higher quality than many governmental agencies.”
Many companies are concerned about security in the public cloud and with good reason; however, it should not hold companies back and prevent them from achieving the myriad benefits that the cloud offers. In many cases, the reasons given for not migrating to the cloud are not based on facts, but myths about public cloud security.
One common myth is the lack of physical control over data makes data insecure. However, it is not where data are located that is the problem, but how they are secured. When data breaches occur, it is usually due to the lack of security mechanisms in place, not because there are no suitable security solutions available.
Another common myth is that placing data in the public cloud means cloud platform providers will access data. However, if any cloud provider was discovered to be doing that, it would destroy trust in their business. That is simply not something that a cloud platform provider would do, although it is easy to check by accessing audit logs.
There is a commonly held view that businesses need to choose a costly single-tenant private cloud to ensure security, rather than use cheaper multi-tenant public clouds. While it is certainly true that private clouds offer excellent perimeter security, public clouds have logical content isolation to prevent inside perimeter attacks.
There is also a commonly held belief that there are more data breaches in the public cloud. While it is true that there have been notable data breaches in the public cloud, data breaches are now a fact of life no matter where data are stored.
CloudHealth Technologies points to a study run by a vendor that determined that on-premises solutions were actually more susceptible to malware attacks and botnets than the public cloud. Further, an analysis of data breaches between August 2015 and January 2017 showed that there were 405 security incidents at companies that were running exclusively in the cloud, with no major difference between AWS, Azure, and Google Cloud. However, companies that exclusively ran on-premises infrastructures experienced 612 security incidents.
“The actual reason why you are running safer in the public cloud has very little to do with the security of the public cloud,” wrote CloudHealth Technologies. “It has more to do with how IT managers perceive the public cloud and take a higher level of precautions to protect data by restricting access to it.”
That is an area where CloudHealth Technologies helps. By providing a platform that gives total visibility of cloud-based resources and allows continuous monitoring, IT managers can easily identify cloud security risks and take steps to proactively address those risks and ensure their cloud deployments are properly secured.