Often when speaking to people about the cloud, their first reaction is that it isn’t safe and they won’t use it. Odds are that they, and most everyone else who owns an Internet connected device, is already using the cloud.
Let’s take a step back and define the cloud. In essence, it’s just a network of servers — which are large, super-powerful computers. Anything that’s referred to as “cloud-based” or “in the cloud” means it primarily lives online, instead of on something physical in your possession like a CD or your computer’s hard drive.
A good rule of thumb for determining whether something is “cloud-based” is asking yourself the following question: Can I easily log into this service from another device, like my phone or a different computer? If the answer is yes, then the service is probably based in the cloud.
There is a logical, though incorrect feeling that cloud computing is inherently less secure than traditional approaches. The paranoia is due largely to the fact that the approach itself feels insecure, with your data stored on servers and systems you don’t own or control.
Control however does not directly translate to security. Consider your internal server setup. Your server is likely locked in a secure server room in your office, which is also locked, in a building which is probably locked as well. You might be on an upper floor of a building, so you feel pretty secure that the server is safe from flood. And if you’re in an interior office – you feel even more secure that it’s safe from the elements. But what is really providing this peace of mind is not actually safety and security – it’s control. You have the ability to see your server and know what security precautions are in place.
But what about viruses? What about a building or electrical fire? What about the fire sprinkler system? What about malfunction? How quickly could you be back up and running? Can you or your IT provider guarantee the uptime and a quick recovery? Do you have the tools in place? In most cases, the answer is no.
The security intelligence and preventative measures that are in place at data centers far surpass anything that a private server or firewall might have. While it’s true that you don’t necessarily control the security, it’s even truer that you have less control over your in-house data that you might think.
How bogged down is your internal IT department? How much attention are they able to give antivirus updates? It’s practically a guarantee that they are overworked and have more than a few projects that they’re balancing. That means they’re not able to pay as much attention to foundational security. Whereas, data centers can invest hundreds of thousands, sometimes millions into securing your data.
When a company gets its users’ credit card information hacked, its more likely that the company’s applications containing the credit card information was the target of the attack, not the infrastructure it is hosted on. If people really want to invest in security, they should consider focusing on the security of their applications, and let Amazon, Microsoft, Google or some other cloud provider secure the infrastructure.
As we’ve discovered in incidences over the last several years, the physical location of your data matters less than the means of access. This is the case for both cloud-based systems and traditional enterprise computing. It is also important to recognize that those who build cloud-based platforms for enterprises typically focus more on security and governance than those who build systems that will exist inside firewalls.
Author Bio: Joe Goldberg is the Senior Cloud Program manager at CCSI. Over the past 15+ years, Joe has helped companies to design, build out, and optimize their network and data center infrastructure. As a result of his efforts, major gains in ROI have been realized through virtualization, WAN implementation, core network redesigns, and the adoption of cloud services. Joe is also ITIL certified.
