Data Is Not Secure In The Cloud And Other Cloud Computing Myths

Cloud Security

Companies are increasingly aware of the need for digital transformation and many organizations are rapidly adopting cloud computing. However, some companies are missing out on realizing the many benefits of cloud computing due to commonly held misunderstandings and misconceptions around deploying and running applications in the cloud, including cloud security. Cloud computing, which is essentially the delivery of computing services—servers, storage, databases, networking, software, analytics, and more—over the Internet (“the cloud”) has many positive impacts for businesses.  Gartner defines cloud computing as follows:

While there is so much potential for improved business efficiency, better user experience, cost savings, increased productivity and return on investment for businesses from utilizing the cloud and cloud services, some organizations are holding off on, or only partially committing to migrating to the cloud.

Understandably, due to pervasive myths and misunderstandings about cloud computing, some businesses are fearful of the changes and perceived risks involved in migrating to the cloud and using cloud services and applications.

Sadly, companies that hesitate and “wait and see” are finding that they are being quickly being left behind and will need to play catch up with their competitors to stay relevant in this digital world. Dispelling myths around cloud computing and understanding the true benefits and risks versus perceived risks can help to allow a business to make a practical assessment in their approach to considering cloud computing, cloud migration and use of cloud services.

Businesses that are not operating with a cloud first strategy not only miss out on the benefits, they are effectively at risk of being outrun by their early adopter competitors that have deployed and are effectively utilizing the cloud.

Migrating to the cloud is not a matter of if, it is a matter of when. Cloud services are now a regular component of IT operations and are used by over 90% of organizations world-wide. Many companies are choosing to work under a cloud first philosophy, where they only deploy an internal service if there is no suitable cloud service available.

IT architectures are rapidly moving to a hybrid private/public cloud model. In its annual state of cloud adoption and security report “Building Trust in a Cloudy Sky” McAfee reports that from a survey of over 2,000 IT professionals, it is expected that 80% of IT budgets are allocated to cloud-based applications and solutions within an average of 15 months.

One of the biggest concerns with cloud services is around information and data security. Other myths and misconceptions relate to costs of deployment, management of data, ease of compliance, and the level of support needed. These common myths about cloud computing are listed below.

MYTH #1: Data Is Not Secure in the Cloud

There is a myth that data stored in the cloud is not as secure as data stored on-premise. However, the opposite is true as there more inherent risks – primarily physical and environmental risks – such as fire, water damage, theft and tampering etc. Companies are traditionally used to having direct access to physical equipment and data on-site and as a result, understanding security measures to protect those physical boundaries is much more straightforward, comfortable, and familiar.

Security around cloud services, applications and solutions is more complex in nature as there are many layers of a cloud ecosystem (see below infographic. Source: Gartner).  As such, understanding of cloud security is very different from the traditional hub and spoke network security model. These new concepts move well beyond the more familiar workings of a traditional network firewall.

As cloud computing awareness, education and adoption rates grow, companies are increasingly gaining trust and confidence in data and information security stored in the cloud. To demonstrate how pervasive the myth about cloud security is, only 23% of organizations surveyed in Building Trust in a Cloudy Sky report completely trust public clouds to keep their data secure.

While this is an improvement from the previous year where only 13% of organizations completely trusted public clouds, still, only 48% of organizations slightly trust the cloud. Almost 30% of organizations distrust the cloud, either slightly distrust or completely distrust.

It is encouraging to see that only within a year, there has been a substantial growth in trust of cloud security. The number of organizations that completely distrust the cloud fell from 19% to only 4%.

See the below chart (source: Forbes) representing a year-on-year comparison of the extent to which organizations trust the public cloud to keep their sensitive data secure.

Public cloud platforms have heavily invested in security features and support from authentication to more complex secured APIs to ensure greater security and scalability. As a result, the total number of organizations who distrust the cloud dropped from 50% last year to 29% this year.

Placing workloads in the cloud does not require a security trade-off. The cloud provides security from top to bottom and with help from dedicated cyber security professionals and the best security solutions in place, organizations can be confident knowing their organization’s security postures are optimized. Having the right cybersecurity solutions in place will ensure that your secure company data is protected with around-the-clock monitoring, controlled and restricted access to files, virus protection and firewall security.

In fact, enterprises benefit from the security built into the cloud as Infrastructure as a Service (IaaS) cloud providers offer features to ensure users have access only to the information they need and also track all the “who, what, when, where” details (identity and access management).

Gartner, in it’s report “Cloud Computing: Myths, challenges, opportunities, and realities-taking control of your cloud strategy ” states that:

“The security posture of major cloud providers is as good as, or better, than most enterprise data centers and security should no longer be considered a primary inhibitor to the adoption of public cloud services.”

In fact, Gartner reports that by 2018, the 60% of enterprises that implement appropriate cloud visibility and control tools will experience one-third fewer security failures.

In addition to the security of data, some organizations also falsely believe that they lose data control in the cloud and hold concerns around not being able to access data whenever needed. With cloud hosting, data can be accessed anytime and anywhere better allowing access to data, and enabling data control and management through web-based control panels.

MYTH #2: The Only Benefit About Cloud Is The Low Cost.

While low cost is an attractive and compelling reason to move to the cloud for many organizations, there are other equally important benefits. Some of these include agility, scalability, fast time-to-market, better user experience, and quick access to high-quality infrastructure. Cloud computing allows many businesses to quickly get up and running with a new technology or scale computing power to handle peak loads much more rapidly, efficiently, and cost-effectively than they could possibly do in-house.

While the costs of cloud services and applications may represent cost-savings, several factors need to be considered, including network and bandwidth requirements, special hardware needs, the cloud service and applications that are being considered, the type of cloud architecture adopted and, of course, what you’re comparing the cloud to on the other end of the scale.

If cloud services are implemented poorly, haphazardly and without strategic direction, what may have started as a cost saving initiative could result in cost blow-outs. The comparison of new cloud deployments to on-premise systems are not easily comparable and organizations must factor in backup and failover, and the cost of service levels, resources, and personnel.

If you would like to get an idea of how much it would cost your organization to securely migrate one, some or all applications to the cloud, such as Microsoft Office 365, contact us at Ascension Global Technology.

MYTH #3: Everything Works Better in the Cloud

Cloud computing has its place in every business and the common benefits that all businesses can benefit from include faster time to market, streamlined processes and flexible infrastructure costs. However, there is no one size fits all approach to adopting cloud solutions and what may work well for one company may not work for another.
Some organizations wrongly believe that moving to the cloud means that all work tasks and applications must be migrated.

Getting the right overall solution may require a combination of public, private, and dedicated infrastructure. The public cloud might be best for some activities, private cloud for others, and a hybrid solution for others. The below chart illustrates the differences in cloud solutions adopted across different countries (source: Forbes).

Fig 8. Type of cloud architecture used by organization grouped by country

The complexity of cloud computing can make enterprise securing seem overwhelming. The challenge exists not just in the security of the cloud itself, but in policies and technologies for security and control of the technology. Although most enterprises are familiar with the general concept or idea of working in the cloud, misconceptions, and misunderstandings about what the technology offers can result in uncertainty and concern about security, risk and control implications.

Having a cloud migration service and cybersecurity experts on hand to guide and advise you through the cloud adoption and deployment process (be it a public, private or hybrid cloud model) can help you feel at ease and give you greater confidence in successful and secure implementation.

MYTH #4: Cloud Regulatory Compliance Is Easy Because Public Cloud Manages Itself

Some public cloud customers incorrectly assume that their security, and even regulatory compliance is provided automatically or pre-configured when they use, for example, Microsoft Azure or AWS. While public cloud providers do have responsibility for the underlying cloud platform, individual organizations are still responsible for their environments once the cloud services have been provisioned.

Compliance is a dual responsibility between the cloud service provider and the regulated company. As such, it is imperative to carefully vet all providers to help you protect compliant data. It is also crucial to make sure that appropriate safeguards are in place, such as encryption and backup, along with a clear understanding of processes, responsibilities, and accountability.

Organizations must understand their roles and responsibilities regarding compliance. Clear policies and procedures should be agreed between client and cloud provider for all security requirements, and responsibilities for operation, management and reporting should be clearly defined and understood for each requirement.

MYTH #5: The Cloud is a Threat to IT Jobs

It is commonly understood that the introduction of any technology can have far-reaching impacts, including impacts on jobs. While the introduction of new technologies and machine automation has significant ripple effects, including making redundant certain tasks and roles, the myth that cloud computing will replace all IT jobs can be easily dispelled.

The internet has created a multitude of new jobs that did not previously exist and as with any disruptive technology and solution, the cloud creates a strategic opportunity for IT professionals. The need to shift business operations into the cloud will require a host of cloud-savvy experts whose skills and knowledge will strengthen, grow and develop as the technology itself evolves.

While some professionals might assume that adopting cloud platforms and engaging experts, such as cybersecurity advisors and managed cloud service providers equals loss of control, or even a death knoll to in-house IT operations, the opposite is true.

Cloud solutions can help position IT departments as strategic business innovators rather than just firefighting fix-it people. IT professionals are increasingly contributing to major business decisions in the boardroom as opposed to being stuck in the basement, and are moving away from the stereotype of being the emergency “please fix-it, it’s broken” people.

As the cloud enables so many possibilities for an organization, and with major investments in the internet of things (IoT) there will continue to be a change in and future demand for IT professionals with certain core skills. Cloud computing, big data, and IoT will employ millions of people in new types of jobs and because technology plays such a vital role in businesses, IT professionals and executives will continue to be desirable to organizations.

While external help may be engaged to initially help implement solutions, IT professionals will continue to provide much needed in-house expertise to manage day-to-day operations like managing servers, devices, maintenance, monitoring, providing educating and driving innovation.
Public cloud service providers constantly release new feature sets, applications, services, and updates and keeping up with these alone can be a challenge for IT professionals, not to mention the regulatory compliance aspects.

MYTH #6: Going It Alone Is Best

Public cloud platforms are usually marketed as easy, turnkey solutions and as a result, companies tend to view hosting and applications as simply a commodity. This can also give companies a sense that migrating to the cloud is an easy DIY project.  The reality is that even if expertise is available, many IT teams are already stretched and may struggle to balance the necessary research, testing, and background work required to identify and strategize the appropriate opportunities and accompanying risks involved in cloud migration with their existing daily commitments.

Having a trusted technology partner to provide reliable advice and guidance around strategic technological pathways presents an opportunity to organizations to successfully adopt and implement cloud services.
While ongoing cloud training and certification of in-house staff is beneficial and encouraged, there are many benefits in working with a cybersecurity and cloud services provider to manage your public cloud.

Even if organizations have IT professionals with high level knowledge and expertise in-house, there is still likely a need, if only in the short-term for helping to identify and assess the cloud readiness of a network, and in the development of a cloud migration strategy.

Almost half (49%) of the professionals surveyed in the McAfee report stated that they had slowed their cloud adoption due to a lack of cybersecurity skills. This clearly demonstrates that most organizations will need help from dedicated cybersecurity and cloud migration advisory service specialists, such as Ascension Global Technology to help them choose, configure, integrate, and monitor cloud services properly and migrate applications and data to the Cloud.

Working in partnership with subject matter experts has multiple benefits beyond identifying and remediating existing or potential issues such as outages, breaches, backups and costs. One benefit of bringing in a partner is to help independently assess the existing network infrastructure and assess the appropriate cloud solutions, detailing the security, performance and other issues requiring attention and remediation.

If a shortage of cybersecurity skills is delaying or affecting your organization’s adoption and usage of cloud computing, please speak to our team of cybersecurity experts at Ascension Global Technology today to learn more about how we can help you move to the cloud.

AGT offers unrivaled support and expertise that not only gets you operating safely in the cloud, but also provides the technology solutions and know-how to help your business safely achieve your strategic and operational goals.

References and further reading

Cloud Computing: Myths, challenges, opportunities, and realities – taking control of your cloud strategy

Building Trust in a Cloudy Sky: The state of cloud adoption and security

Cloud-Computing Myths Vs Realities

Is the Cloud Secure?

What is Cloud Computing

The Next IT Jobs Boom – The Internet of Things

New Jobs in Technology

2017 State of Cloud Adoption and Security

Related Posts

Leave a Reply

About Us

"AGT" offers complete end-to-end security protection through technology tools, cybersecurity strategy, consulting, and project management services. From addressing specific security gaps to a full environment cybersecurity strategy. With services designed to improve any organization’s overall organizational security posture, AGT develops strategies to implement and deploy successful cybersecurity solutions to protect companies from data and financial loss.