Cloud Security: Myths Vs.
Cloud computing is becoming one of the most talked-about trends in IT today, which
also means it’s one of the most misunderstood. Although there are numerous benefits
for businesses to switch from hosting their own servers to using a cloud platform, many
of them have refused to pull the trigger, even though it could save them millions. Cloud-
based computing solutions have the potential to give businesses greater flexibility, reduce
the need for expensive equipment, and streamline IT requirements. However, many
businesses won’t take advantage for one simple reason: They fear that cloud computing is
not as secure for their data as maintaining servers on site.
The belief that cloud computing is not as secure as on-site servers stems from a number
of myths that have been floating around since the first cloud-based solutions were
introduced. Businesses fear that by handing the keys to their information kingdom to a
third-party provider, they would open themselves to all manner of risk — from greater
vulnerability to hackers to untrustworthy providers selling their information without their
knowledge. Even though IT security should be at top of mind for businesses for good
reason, many of the fears they have about cloud computing are based in myth. Some of
the most common myths about cloud security are presented on the following slides —
along with the facts that dispel these myths.
The cloud is inherently less secure than physical servers.
One of the most common misconceptions about cloud security is that there’s no such
thing as cloud security. Many businesses believe that cloud computing relies on dumping
all of their data to an outside source, making the cloud inherently less secure than
keeping all of it on site in their own servers.
Cloud computing doesn’t have to be completely external.
Although the perception is that cloud computing happens completely off site in all
circumstances, the truth is that cloud computing can take many forms:
• Public — all services are provided by the third-party cloud provider
• Private — all services are managed internally by the organization
• Hybrid — a mixture of public and private cloud solutions are utilized
More than half of all businesses using the cloud utilize a hybrid approach.
Securing the cloud is the provider’s sole responsibility.
The myth that cloud computing involves pushing all data off site also gives rise to the
myth that securing that data is completely the responsibility of the cloud provider. This
idea makes many businesses squeamish about trusting cloud providers because they
believe their own security protocols won’t be a factor.
You need to continue to focus on security internally.
Businesses using the cloud still have control over the security of their data on the cloud.
Backing up data, establishing password policies and determining data management
policies are among the many responsibilities still in the hands of the customer when using
cloud computing solutions.
Cloud breaches are more frequent.
Of course, because cloud computing is perceived by many businesses to be less secure
than on-site servers, they also believe that there are far more breaches with cloud
computing. This belief just feeds into the rationale that cloud computing is less secure,
and so on and so on.
On-premise servers are more vulnerable to certain types of attacks.
Having all of your data on servers in your own building might feel more secure, but the truth
is that it doesn’t matter where the server is physically. The level of security is what counts. In
fact, studies have shown that on-site servers are more susceptible to certain types of cyber
attacks, such as malware, that are far more common than other types of attacks.
Cloud security is too difficult for anyone to maintain.
The idea that cloud security isn’t effective or even possible often drives companies to
avoid using it in situations where they’d receive the most benefit from it. It also can lead to
businesses operating with insufficient security on cloud applications, because they believe
the proper level of security will hamper their business operations.
Cloud security is no more challenging than any other type of network security.
Even though the cloud is seen as something different from a typical network, the truth is
that protecting the cloud is no more difficult than protecting a typical network — because
in the end, that’s what the cloud really is. Cloud computing is little more than using a
network that’s not maintained on site. The security issues facing the cloud are no more
challenging than those facing on-site networks.
You can’t find out what cloud providers are doing with your data.
Turning the management of data over to a third-party provider can be difficult for many
businesses to do; they have fears about what will happen to their data or who will be able
to access it. Because some businesses don’t believe the cloud provider can ensure their
systems will be secure, they choose not to take what they perceive to be an extreme risk.
Cloud providers are still accountable for protecting data.
Businesses may feel that trusting the cloud means they are handing the keys to the
kingdom to someone who can let just anyone in, but this is not necessarily true. Reputable
cloud providers will be able to provide customers with audit logs that will identify everyone
who has or had access to their data and provide proof of background checks, if requested.