The most over-hyped issue on security is possibly the cloud, don’t take our word for it, experts say so. Though the cloud is acknowledged as a powerful business engine, lack of clarity on its effective use especially the security aspect has made many shy away from leveraging it. The talk about cloud security has been done to death though the situation has changed markedly and the cloud can now offer comparable or better security than traditional IT environments. Don’t take anyone’s word for it, find out more and make an informed choice.
Following are some of the biggest myths about cloud security:
- The cloud is insecure by nature: This is not true as cloud provider have greater expertise and technical competence with spending on a scale that cannot be matched by a single organization with network security as a core competency. Network security of individual organizations is immature and cannot hope to match these levels.
- The cloud has more security breaches: Both the cloud and on-premise systems have seen a similar increase in vulnerability that is almost comparable and is slightly more or less depending on the type of threat. When correct security protocol is implemented, the vulnerability levels out in either models of deployment.
- Cloud security is very difficult to maintain: Tackling security on the cloud has to be done in a similar manner like on-premise systems. Security methodologies like firewall configurations, penetration testing, etc. are just as important on a cloud provider as they are on on-premise systems. Cloud security is a continuous process not a product or service.
- A perimeter can be built around cloud applications: This is not a good way to look at the cloud and the old paradigm of protecting perimeter boundaries has to be replaced with a comprehensive risk management program that focuses on protecting assets from myriad threats.
- Shadow IT can be stopped: It can be managed well but stopping may not be entirely possible. This can be done be creating a body that is fully representative of the cross-section of management, including the CEO, and must be responsible for the design, deployment, and maintenance of cloud security policy and implementation,
- Cloud security is solely the provider’s responsibility: This is not true as password policies, release management for software patches, management of user roles, security training of staff, and data management policies are all responsibilities of the customers and equally critical as the security measures implemented by the public cloud provider. While you’re strengthening internal security, don’t assume that your cloud provider backs up your data and will be able to restore it in case of a security breach. It is essential to deploy a backup solution that backs up your data appropriately so that in case of a breach, you will be able to restore it if the backup on the cloud is affected.
- The cloud does not need to be managed: This is untrue as the customer too has inherent roles and responsibilities for better security and operability on the cloud. It is vital that the customer understand them and follow them. Responsibility and accountability must be demarcated and fixed.
- You can ignore BYOD in the sake of security: There is no significant risk change if a BYOD friendly policy is adopted if an appropriate mobile content management solution is adopted. The future will bring more solutions relevant to this space.
- Cloud data is not saved on mobile devices: This is not true as mobile apps are always caching data is stored on the mobile device and could be a security threat. Hence, device data protection is an important issue in BYOD compatible solutions on the cloud.
- The debate between single tenant and multi-tenant systems: Multi-tenant systems offer an additional layer of content protection and the security patches are always updated. However, forced upgrades and maintenance windows in multi-tenant systems could hamper operations that would not happen in single tenant systems where you can schedule downtime without impacting operability.
- The customer owns the data on the cloud: Cross border jurisdictional headaches, copyright, IP laws and contextual advertising on sites may be done based on the content of some data on the cloud. Therefore, your rights may not be total in some cases.
- The cloud provider will continually work towards certifications and compliance: This may not happen and some of them may no longer be relevant by the time the certificate is inked. This is because standards change and evolve so does the actual situation at the operations of the service provider. The focus should be on auditing and reporting on a regular basis to meet compliance needs and not on a one off basis. Keeping in step with the latest compliance and certification trends is important and must be asked for.
- A cloud server has unlimited resources: This is not true and using more than you need can lead to performance issues and an inflated bill.
- Malicious insiders cannot be tackled on the cloud: This can be ensured if the cloud provider will be able to furnish the customer with audit logs to identify everyone who might ever have to access corporate data and have suitable background checks and clearance. Also logs of actual usage can identify these malicious insiders and deal with them.
- No need to verify the big cloud service providers: Do this at your peril, you must evaluate them too with an equally critical mind and gather as much information and feedback from current customers before making a decision.
Getting hung up on the myths surrounding the cloud, you can miss out on the powerful leveraging power of the cloud for your business.
Since the standards and technologies related to the cloud are still evolving, this space will see a lot of improvements in the time to come. Cloud is already the preferred choice for solutions due to its affordability, easy & anytime/anywhere access, lower financial & investment entry barriers as well as minimal set up times.
We at Versa have created a secure cloud based one stop comprehensive ERP solution. It addresses key security concerns in the most effective manner possible. It is affordable and targeted towards SMB’s and is backed by a promise of dedicated support. It is being used by clients in diverse verticals and could help you redefine the way you operate and grow your business.
We’d love to hear from you.
To know more, please visit www.versaclouderp.com or contact us directly.
Reference:
http://www.cio.com/article/2922374/cloud-security/20-of-the-greatest-myths-of-cloud-security.html