Cloud computing services are an incredibly useful tool for businesses of all sizes. With cloud Infrastructure-as-a-Service (IaaS), for example, businesses can get access to top-of-the-line computing resources without the massive capital expenses of buying, installing, and upgrading hardware within the organization.
However there are some myths currently circulating about cloud security that may mislead companies looking for a truly secure cloud solution.
Here is a short list of the top 5 myths about cloud computing security, and the truths behind these myths:
Myth #1: All Clouds Have the Same Security
This is a very common misconception about the cloud. However, not all clouds have the same security. Sometimes, even two cloud environments managed by the same provider might have very different security measures in place, depending on what add-ons have been contracted for on each cloud environment.
This is why it’s important to verify what security measures the cloud provider will be using for your cloud environment before entering into a service agreement. You should know not just that a firewall is being used, you should know which firewall the cloud service provider is going to use and why.
Myth #2: Cloud is Less Secure Than On-Premises Infrastructure
This particular myth about the cloud made Gartner’s Top 10 Cloud Myths list. As noted in the Gartner article, this mostly a matter of perception and “to date, there have been very few security breaches in the public cloud – most breaches continue to involve on-premises [infrastructure] environments.”
Any IT infrastructure is only as secure as the measures taken to protect it. Cloud service providers can more easily invest in strong security because it relates to their core business, creating a stronger infrastructure.
Myth #3: Single-Tenant (Private) Clouds Are Always More Secure Than Multi-Tenant (Public) Clouds
This is an argument that sounds logical at first: cloud environments with one dedicated tenant organization using them are more secure than ones with multiple organizations using them.
However, this isn’t necessarily true. As noted in a CIO article on myths about cloud security, multi-tenant systems “provide an additional layer of content protection… like tenants in an apartment building who use one key to enter the building and another to enter their individual apartment, multi-tenant systems uniquely require both perimeter and ‘apartment-level’ security.” This makes it harder for hackers to breach your system from the outside.
Myth #4: Cloud Providers Will Be Responsible for All Aspects of Data Security
Moving your apps, data, and workloads to the cloud can greatly reduce the internal resources your company needs to manage an IT infrastructure, but the cloud provider cannot do everything.
Even after moving to the cloud, your organization will have to use due caution for securing data on local devices and data transmitted outside of the organization. Additionally, your business should make sure employees practice account theft prevention techniques such as not sharing login info with others and recognizing phishing attempts.
Finally, limiting access to data, and revoking access for employees and businesses with whom you’ve ended the business relationship, is usually something that your organization will have to manage internally.
Myth #5: You Cannot Meet Compliance Requirements on the Cloud
Compliance with industry-specific regulations is a huge concern for many businesses. However, the belief that compliance requirements cannot be met on the cloud is a false one. In fact, using the cloud can help make meeting certain compliance standards easier, assuming you have the right cloud service provider.
For example, many regulatory standards such as PCI and HIPAA require businesses to maintain event logs for information access attempts to track the origin point (or points) of an attack as well as monitor where stolen data was transmitted to.
A cloud provider with strong intrusion detection systems (IDS) can enable compliance with such standards.
Other security features, such as data-at-rest encryption, can help you meet data destruction requirements for certain standards.
Meeting compliance standards on the cloud depends on the capabilities of the cloud service provider, which is another reason to carefully vet any provider you may want to work with before signing an agreement.