Cloud Security Myths: Busted
In many cases, the average enterprise or SME can't keep up with all of the security controls necessary to protect data in-house
Aug. 17, 2014 11:30 AM
In a Feb 2014 survey, 94 percent of organizations surveyed reported running applications or experimenting with infrastructure-as-a-service. According to research firm Nasumi, there is over one exabyte currently stored in the cloud. An exabyte is over a billion GB. Considering the amount of data in the cloud and the growing rate of adoption for sensitive use cases, it is natural that securing our data in the cloud is a concern. But, cloud security, though rightfully a central concern, should not be a hindrance to aggressively moving workloads and applications to the cloud.
In fact, there are some misconceptions about cloud security that need to be laid to rest.
Myth #1: A cloud provider's customers can attack each other
The truth is that virtual walls segregate you from other customers. Your hypervisor is the primary separator and is extremely difficult to hack. If you add other safeguards like VLAN isolation and proper data encryption and key management, your data is completely safe from other cloud customers.
The Alert Logic State of Cloud Security Report concludes "It's not that the cloud is inherently secure or insecure. It's really about the quality of management applied to any IT environment."
Myth #2: Data in the cloud in more susceptible to risk than data in the datacenter
In fact, a 2014 study found that once businesses learn about and experience cloud computing, concerns about security vanish. Close to one-third of executives and professionals who have not yet implemented cloud say security is their top concern, a number that diminishes to 13 percent of seasoned, heavy users of cloud services (and is only the fifth-ranked concern on their list).
Arthur W. Coviello, Jr., Executive Chairman for RSA, puts it simply, "security concerns are really independent of the cloud. They're just an extension of what is being dealt with in the physical infrastructure."
In many cases, the average enterprise or SME can't keep up with all of the security controls necessary to protect data in-house. For a cloud provider, conversely, it is a core business function. They typically invest in the strongest forms of network security and detection and attain compliance certifications that reduce the risk for the data they're tasked to protect.
If your core business isn't preparing tax returns, you hire someone who can do it for you: someone with the right background, experience, and tools. Someone who does a better job than you could do yourself. The same applies when it comes to protecting your data: using a provider who specializes in doing so will create better results than doing it yourself.
Myth #3: Using a trusted cloud provider guarantees protection of data
The truth is this: whether you build your own private cloud, store your data in a public cloud, or keep your sensitive business information under your mattress, the duty to protect your data is yours alone.
Amazon Web Services (AWS) accounted for 37% of the $9 billion infrastructure as a service (IaaS) market in 2013, according to analysts from equity research firm Evercore. The IaaS market is growing by 45%, but Amazon Web Services has a growth rate of 60%. AWS is currently the biggest public cloud provider. And yet, in the AWS Security Center, they clearly state "AWS has secured the underlying infrastructure and you must secure anything you put on the infrastructure."
Because you control the security of your accounts and data, you can ensure that you still own your data - even though you are housing it in public infrastructure.
The way to ensure your data is safe in the cloud is by encryption. Encryption, and the management of encryption keys, is not just about safety, it is also about ownership. If you encrypt properly, you will own your data even though you are renting infrastructure form a cloud provider.
To simply and effectively achieve encryption key management, the best practice is coupling the innovative techniques of split key encryption and homomorphic key management. They will be the assurance that no one (not even your cloud provider) can access data you store in the cloud and that everything you store in the cloud is completely safe, segregated, and protected in a way that is scalable, automated, and cost-effective.
Reader Feedback: Page 1 of 1
SOA World Latest Stories
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
SYS-CON Featured Whitepapers
Most Read This Week