What’s not to like about the cloud? It fits well into the way businesses operate today — remotely, collaboratively, and globally. It also helps to get rid of one of computing’s worst security threats: portable storage devices like thumb drives and hard drives that are easily lost or preloaded with malware.
And therein lies the irony – there are still a lot of businesses that are hesitant to migrate data to the cloud because of security concerns. For example, the Bitglass-sponsored Cloud Adoption Report found that more than half of large companies and a third of SMBs have delayed cloud adoption primarily because of security-related worries. And as Chris Talbot writes in Talkin’ Cloud, “But not only that, concerns about security are not only not decreasing; they’re increasing. A previous report from October 2011 indicated 25 percent of businesses expressed some concern over cloud security, but that figure increased to 42 percent in July 2013.”
Or as Rajat Bhargava, co-founder of cloud security startup JumpCloud, states in a Tech Times article, “When you don’t own the network, it’s open to the rest of the world, and you don’t control the layers of the stack, the cloud – by definition – is more insecure than storing data on premises.”
Even cloud enthusiasts have begun to express concern over cloud security and what it means for the future of cloud computing. According to that Tech Times article, 66 percent of the Open Data Center Alliance believe that cloud security woes are hurting cloud adoption. If companies are shying away from the cloud because of security concerns, does this mean we’re seeing the demise of cloud computing?
No, says Luis Corrons, the Technical Director of PandaLabs at Panda Security, but security concerns does influence the way we view cloud computing as a whole. “For example, nowadays many European companies are looking for alternatives to U.S. cloud computing providers mainly due to all the NSA scandal,” he explains. “But all benefits that companies can obtain from cloud services clearly exceed their security concerns.”
But the security apprehensions still need to be addressed if cloud migration is going to show any benefit to companies. According to Matt Goche, head of the Information Security Consulting practice at Sungard Availability Services, specific concerns that need to be addressed include: A) is my data protected from outsiders — same issues that organizations have if not using cloud; B) is my data protected from other tenants — unique to cloud; and C) is my data protected from the cloud provider themselves — unique to cloud.
“As long as B and C are being thoroughly evaluated, it is likely that A will improve when moving to the cloud based on expertise of provider over limited in-house expertise,” says Goche.
The best way to approach cloud security, Corrons believes, is not through more regulations, but rather through the free market. “More regulation doesn’t necessarily translate into more safety, and doesn’t guarantee at all that attacks won’t happen,” he says. “Cloud computing providers are more than aware of the risks they are exposed to, they are handling all kind of sensitive information which is of great value, and as such they have to take security measures as otherwise they could lose their customers. If people don’t trust a company, they will stop storing their information there.”
And there has been improvement in cloud security in recent years, as cloud providers have taken more responsibility for their clients’ data. The best security is built into the cloud from the beginning, rather than incorporated later on.
Remember, too, that it wasn’t too long ago when we wondered if PCs would be able to withstand the onslaught of security threats they faced. Security has never been intuitive to computing; it’s been an afterthought, based on need and reaction rather than actual prevention. Yes, there are kinks in cloud security, but if cloud adoption is approached wisely, security will fall into place.