Businesses regularly ask whether transitioning to the cloud is secure. The question is understandable, as there has been a lot of fear, uncertainty and doubt (FUD) spread across the industry over the past few years. Gartner thinks that cloud computing, by its very nature, is uniquely vulnerable to the risks of myths.
much of the negative chatter about cloud security is unfounded
However, much of the negative chatter about cloud security is unfounded, and is simply an extension of what is already being dealt with across the physical infrastructure. So let’s take a look at some common statements against cloud, and why they are better classified as myths than truths.
Myth #1: Cloud is riskier than traditional IT
[easy-tweet tweet=”Myth #1: Cloud is riskier than traditional IT” user=”digitalrealty”]
Your infrastructure isn’t necessarily more secure just because it is located on-premise. Data breaches, data loss, account hijacking, and denial of service attacks have been concerns since the invention of the mainframe computer back in the 1960s. And while it is true that improperly configured cloud resources can result in these types of vulnerabilities, the same can be said of improperly configured physical infrastructure. The key to a secure cloud implementation is working with a competent, experienced provider who makes investing in the strongest forms of networking security, intrusion detection and monitoring services core to their business. In many cases, the security controls an experienced provider can handle may go well above and beyond your in-house IT team’s capabilities.
Myth #2: You can’t control where your data resides in the cloud
[easy-tweet tweet=”Myth #2: You can’t control where your data resides in the cloud” user=”digitalrealty”]
Heavily regulated industries such as healthcare and finance have controls that dictate where personally identifiable information and protected health information (PHI) can reside. For these types of organisations, it may be (incorrectly) assumed that cloud isn’t a viable option due to the assumption that the location of data cannot be controlled. This “cloud myth” is easily discredited by understanding that organisations can choose to work with a provider that operates out of specific data centres in specific geographic regions. Highly regulated organisations can also leverage a private cloud deployment model that provides them with increased control and governance versus the public cloud.
Myth #3: The cloud is not suitable for compliant workloads
[easy-tweet tweet=”Myth #3: The cloud is not suitable for compliant workloads” user=”digitalrealty”]
As I mentioned above, organisations with compliant workloads can still leverage the cloud; however, a private or hybrid cloud deployment model may be better suited to their needs. A private cloud allows organisations to enjoy the flexibility and scalability benefits of the cloud, while still keeping data secure and in their control. A hybrid model provides the added benefit of being able to “burst” to a public cloud for non-compliant workloads such as development and testing.