Cloud and security have long been two words that didn’t fit together in the tech world. In fact, for years, when mentioning “cloud security” to IT professionals, they’d snicker or laugh, reminding you that there was “no such thing as security issues in cloud computing.”
They aren’t laughing now. Although it isn’t foolproof – no security system is – cloud security is no longer the oxymoron it was just a few short years ago.
Let’s be fair; the concerns surrounding cloud security were legitimate. Amir Naftali, co-founder of FortyCloud, pointed out that the cloud integrates a number of infrastructure elements, therefore, providing consistent security across these various entities is a big challenge. Whereas in traditional IT environments the administrator had full control, that isn’t the case in the cloud environment where control of the infrastructure is diversified, increasing the complexity of ensuring network security.
Another problem that long dogged cloud security was its accessibility, Naftali added. “The data in the cloud is more accessible to anyone – not just the enterprise; therefore, hackers attacking a cloud can reach a much greater number of resources than when targeting a physical data center.”
These are still concerns about the cloud, so why have our views and our trust about cloud security changed?
“Over the last few years, new solutions have been developed to provide policy-based firewalls, access management, and encrypted communication. These solutions ensure security throughout a company’s cloud infrastructure, even within public clouds,” said Naftali.
It also may be that our attitudes and overall understanding of security issues in cloud computing have evolved enough that we look at cloud security differently.
According to Michael Fimin, CEO and co-founder of Netwrix: “General concerns about cloud security were mostly related to lack of control over protective mechanisms to secure sensitive data. Businesses, in most cases, were not ready to unconditionally trust cloud providers. They feared that the provider could be less concerned about data protection and could compromise it either because of hacker attack or negligence,” he said. “This was exacerbated by the inability to establish strict data access controls and provide clients a proof that all security policies have never been violated.”
Now, Fimin added, data migration to the cloud is more associated with profitability rather than with security risks. “Having removed the burden of supporting its own infrastructures with vast expenses on hardware and software, clouds now provide customers simple and reliable services.”
Today, cloud technologies do more than ever to invest in ensuring the security of customer data. This includes security tools and controls such as physical protection, advanced encryption, multi-factor authentication, automatic backup, identity and access management controls. Cloud providers are regularly executing penetration testing and enable continuous auditing for complete visibility of the infrastructure. This allows for improved compliance with industry regulations and standards like HIPAA or PCI DSS*.
“Having more resources and focusing only on this type of activity, cloud providers are often far more competitive and reliable than other companies who prefer data storage on premise,” said Fimin.
When you take into account the overall positive dynamics of cloud security development, you should no longer think of cloud security as an oxymoron. “Cloud migration, even if it is made partially, allows companies to start thinking about segmenting their data and services in order to strengthen overall security and optimize operations with very few risks,” Fimin said.
Actually, if there is anything that should be thought of as an oxymoron, it would be “total security.”
“No solution, physical or cloud, can guarantee that a breach will never, ever, occur,” said Naftali. “The security challenge is to control access and find vulnerability, no matter if the data is cloud-based or on-premise.”
So move your data to the cloud. The security is real, or as real as it can be.
*HIPAA refers to Health Insurance Portability and Accountability Act; PCI DSS refers to Payment Card Industry Data Security Standard
This article was originally posted on Forbes BrandVoice.