Migrating to the cloud is no longer an academic decision. An increasing number of companies are migrating to the cloud- according to the 2015 Public Cloud Migration Survey:
- The public cloud is going to grow at 5% year-on-year for the next two years.
- Managed/on-premises hosting will decrease by 2% in the same period.
Because the cloud is still a new way of hosting resources it’s natural that there would be several myths associated with cloud migration. Some of these myths are unfounded while others are not myths and are real problems that need to be addressed.
Here’s a roundup:
Myth 1: Data is more secure on-premises
You would think that your own data, sitting in servers under your control is more secure than the data sitting in some anonymous server in a data center somewhere in the world.
But facts prove otherwise. All the recently discovered breaches, whether it be the Homeland breach, or the Target hack, or the JC Morgan attack, all of which caused loss of millions of sensitive customer records occurred on digital assets that the companies controlled. Very few large scale security hacks have occurred directly from the servers of cloud service providers.
This is because a provider like Amazon or Microsoft would spend way more in security compared to what a typical enterprise IT department would. An enterprise IT department has way too many demands upon its resources and what with security being an ever changing game of catch up the Amazons and Microsofts have a greater chance of securing your data.
Myth 2: Data is automatically secure in the cloud
However, there is a flip side to this argument. Just because you automatically upload your data to the cloud doesn’t make it safe. The cloud might give you tools to secure data, but there is still the gap between the keyboard and the chair where trouble can happen, and data can still be compromised.
A number of companies don’t have proper password policies or user access controls. Many have incomplete change management or release management policies. Unless companies iron out these kinks, and have proper internal security protocols moving to the cloud is not going to be of much help.
They would still get hacked and attacked and lose valuable data.
Myth 3: We are not on the cloud
Maybe you don’t have any kind of tools online. Maybe your in-premise game is so good and your legacy apps are so well designed that you don’t have to worry about using any third party business cloud-based app.
But you are still going to be affected by the cloud. You are hooked to the internet. Your customers might place their orders online, and you would have some sort of exposure to social media. At the very least your employees will use email and social media. All these are aspects of cloud, and whatever security threat affects the larger internet they would affect you too.
The genie has been uncorked, and you are living in a post-cloud world. The more you are prepared the more you will be safe.
Myth 4: Cloud security is just too different
Traditional companies might have questions around cloud security especially because the architecture of a cloud looks so different compared to an on-premise setup.
However at its basic level maintaining security on the cloud is no different from maintaining security on an enterprise LAN. There are complications in terms of multi-tenant clouds, and there are issues around jurisdiction but technically security is the same. A cloud provider still has to deal with SQL injections and DDoS attacks, and they still use VPNs and firewalls and pen testing on the cloud the same way you do that within your network.
Myth 5: Sharing my data with others is unsafe
You would be either using a public or a hybrid cloud, and your data is going to share physical space with other companies’ data. Cloud architecture is usually set up for multi-tenant workloads and that should not worry you because of virtualization which guarantees that you will have your own instances running your own data without any interference from others. Your data would be ring-fenced, and if you have any custom apps running they would use only your data.
If that’s not assurance enough cloud providers offer private clouds (for example Amazon Virtual Private Cloud) where you would be essentially using their infrastructure to run your own data centers. Then there are hybrid clouds which offer another option of storing data and whose deployment is steadily increasing.
Like other technologies cloud has its own challenges in terms of security. You should not adopt the cloud without doing due diligence, and there are certain use cases where moving to the cloud is not going to make a lot of business sense.
But from the point of view of security cloud systems have come a long way and they are as good, if not better than the best on-premise security money can buy. The only reason security can be compromised is through human error, and with proper training and policies this issue can be tackled as well.