The Endless Myths of Cloud Insecurity
Date posted: 13th October 2015
For mid-sized businesses, the cloud is a necessity for driving business agility and speed-to-market and for reducing capital expenses. Despite that, many IT leaders remain hesitant to migrate to the public cloud because of ongoing concerns about cloud security. Many points about security in the cloud are misunderstood. This post highlights a few from our experience as a Cloud Managed Services provider in New York.
- I can stop Shadow IT using IT policies (myth)
  - No, you can’t. Your employees are procuring and using their own cloud services and will continue to do so; there’s absolutely nothing you can do to stop it short of taking away their computers
  - Actually, even then you won’t stop it: they’ll BYOD, creating another security hole
  - The business needs “just-in-time” IT and your delivery is on a “when I have a chance” basis
- My public cloud provider is solely responsible for my security (myth)
  - Public cloud security is better than ever, with Amazon Web Services leading the charge, but putting 100% trust in a cloud provider to provide security is risky
  - Management of user roles and access, release management, and staff training should all be considered part of an internal cloud security strategy on top of the public cloud’s security stack
  - Also, who is backing up your cloud instance? No one, that’s who.
- Cloud security is materially different from on-premises security (myth)
  - There is no cloud, just someone else’s computer
  - A SQL injection attack in the cloud or on-premises: same thing
  - Firewall config for the cloud or for the data center: same thing
- You own your data no matter where it is in the cloud (myth)
  - Data you host in the cloud is subject to local laws
  - Use caution when hosting data in the cloud outside of your home market, or hire a trusted attorney or Cloud Managed Services provider to advise on local laws
- You should always trust the cloud provider with your data (myth)
  - Strong cloud security (actually, any security) should focus on mistrust, not trust. Your cloud service provider is a great company and you did well picking the right one, but that doesn’t mean you should trust an outsider 100%
  - We recommend that you ensure your cloud services provider is able to provide audit logs on a recurring basis, so you can confirm that only those who need access to your data are getting access to it
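
One way to run the recurring audit-log review recommended in the last bullet, shown as an added example that is not code from this post or from any provider. It assumes the provider delivers AWS CloudTrail-style S3 data-event records; the account id, bucket, principals and allow-list are constructed for illustration.

```python
import json
from collections import defaultdict

ACCT = "111122223333"  # placeholder account id
# Assumed allow-list: bucket -> principals approved to touch its data (hypothetical names).
APPROVED = {"finance-reports": {f"arn:aws:iam::{ACCT}:role/finance-app",
                                f"arn:aws:iam::{ACCT}:user/alice"}}
DATA_EVENTS = {"GetObject", "PutObject", "DeleteObject"}

def session_identity(role):
    """Constructed userIdentity block for an assumed-role session of `role`."""
    return {"type": "AssumedRole", "arn": f"arn:aws:sts::{ACCT}:assumed-role/{role}/s1",
            "sessionContext": {"sessionIssuer": {"arn": f"arn:aws:iam::{ACCT}:role/{role}"}}}

def s3_event(identity, error=None):  # builds one constructed sample record
    rec = {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
           "userIdentity": identity, "requestParameters": {"bucketName": "finance-reports"}}
    if error:
        rec["errorCode"] = error
    return rec

# Constructed sample in CloudTrail's record layout; not real log data.
SAMPLE_LOG = json.dumps({"Records": [
    s3_event({"type": "IAMUser", "arn": f"arn:aws:iam::{ACCT}:user/alice"}),
    s3_event(session_identity("finance-app")),
    s3_event(session_identity("contractor-debug")),
    s3_event(session_identity("contractor-debug")),
    s3_event({"type": "IAMUser", "arn": f"arn:aws:iam::{ACCT}:user/bob"}, error="AccessDenied"),
]})

def principal(identity):
    """Map an assumed-role session back to its role so it can match the allow-list."""
    if identity.get("type") == "AssumedRole":
        issuer = (identity.get("sessionContext") or {}).get("sessionIssuer") or {}
        return issuer.get("arn") or identity.get("arn", "unknown")
    return identity.get("arn", "unknown")

def review(log_text, approved=APPROVED):
    """Count data-access attempts per (bucket, principal) made by unapproved principals."""
    findings = defaultdict(lambda: {"succeeded": 0, "failed": 0})
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "s3.amazonaws.com" or rec.get("eventName") not in DATA_EVENTS:
            continue
        bucket = (rec.get("requestParameters") or {}).get("bucketName")
        who = principal(rec.get("userIdentity") or {})
        if bucket not in approved or who in approved[bucket]:
            continue  # bucket is not under review, or the principal is approved
        findings[(bucket, who)]["failed" if rec.get("errorCode") else "succeeded"] += 1
    return dict(findings)
```

Successful reads by an unapproved principal point to a permissions gap to close, while failed attempts show the controls held but someone is probing or misconfigured.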