Myth Busting Cloud Security - It's all about Risk Management.

Jul 09 2018
61
0

Almost 6 months into leading the teams at Comunet, I’ve had quite a few people ask me what is the biggest surprise or challenge that I’ve come across.

Perhaps it's not surprising that the it’s been dealing with the common misconception that “the cloud” is less secure than on-premises solutions – which is exacerbated by the ambiguity that exists in many organisations around cloud computing in general.

Cloud computing has now been around long enough to no longer be a fad, and the statistics around cloud use and security incidents leave little room for debate on the fact that, configured correctly, Cloud Services (such as those provided by Microsoft or AWS) are more secure than on-premises solutions.

A 2017 report by Alert Logic covers an 18 month period and presents clear data on the number of security incidents in its researched organisation’s environments. 



Average per-customer security incident count. (Source: Alert Logic/2017 Cloud Security Report)

Why do On-Premises and Hybrid solutions present a higher IT security risk? 

From our perspective, it’s based on IT security being primarily grouped into two factors - physical and virtual security.   

In all environments except Public Cloud, both physical and virtual security must be understood, architected and maintained by IT staff. IT team profiles are regularly profiled as being time poor, challenged by budgets and not able to keep up with the training required to stay ahead of the curve on all elements of IT.

By moving to Public Cloud, organisations are able to outsource the physical security elements, while maintaining responsibility and control of their virtual IT security architecture include policies, data protection, user access, networks and their software.

Yes, you would hand over physical security, but you are almost certainly doing this to an organisation better-equipped to manage these environments.

This is represented by AWS in their ‘Shared Responsibility Model’ where they define their responsibility as “Security of the Cloud”, with organisations only need to focus on “Security in the Cloud” – which is the same virtual security practises they need to have in on-premise environments today.AWS Shared Responsibility Modelhttps://aws.amazon.com/compliance/shared-responsibility-model/

The Scout Motto – “Be Prepared”.

Gartner’s research analysts predict that In 2018, the 60% of enterprises that implement appropriate cloud visibility and control tools will experience one-third fewer security failures.1
In summary, it’s important to remember that your workloads are not secure by default, in cloud or on-premises. Your team (or IT partners) must understand the shared responsibility models with each Cloud provider.

By leveraging the tried, tested and certified physical security of Public Cloud providers – you will not only have an environment which is ‘as secure’ as your own, but will find that you can surpass anything you can achieve in-house.

If you’d like to have a conversation around cloud, security or any other IT risk related items – we’d love to talk to you.
Alexei Fey

1 (https://www.gartner.com/smarterwithgartner/is-the-cloud-secure/)