Dissipating 3 Common Cloud Myths
Despite all the advantages of cloud computing, some organizations are still reluctant to migrate to it. There are plenty of cloud hacking stories in the news to support misconceptions and fears. Most of these data compromises start as simple emails containing malicious URLs. In fact, 95% of all Internet-based attacks start with spear-phishing, according to McAfee Labs, Intel Security's global research team.
While some cloud fears are justified, let’s take a look at three common cloud myths and uncover the truth.
1. Security breaches happen more with cloud than on premises.
The confusion about cloud services and how they operate has led many to assume a cloud network is easily penetrable. “In most cases, the cloud is more secure than an on-premises data center. Cloud providers have made — and continue to make — significant investments to ensure the infrastructure is secure,” Josh Jones, senior network security architect at Insight, points out.
“To date, there have been very few security breaches in the public cloud — most breaches continue to involve on-premises data center environments,” Gartner reports. “While cloud providers should have to demonstrate their capabilities, once they have done so there is no reason to believe their offerings cannot be secure.”
Take Trend Micro's suite of threat and data protection solutions, for example. They adapt to constantly changing security threats, offering protection that ranges from end-to-end coverage for enterprises and small businesses to targeted protection for endpoint, data, and Web and messaging platforms.
Many argue that because of the high level of expertise and resources cloud providers employ, a localized server can’t match the scaled security or protection of their services. Jones explains, “Organizations that do not rely on cloud to deliver services may experience an increased security risk because they lack the necessary in-house security skill sets, proper technology or both. Cloud service providers address both of these concerns.”
Recent studies point to less rigorous security at smaller firms, in particular. In a Sophos-sponsored Ponemon Institute survey of IT managers at small and medium businesses, the average self-assessment score of security posture (ability to mitigate risks, vulnerabilities and attacks) was a 6 on a scale of 10. Respondents reported, on average, fewer than three full-time workers fully dedicated to IT security.
2. Only a provider can manage a cloud network.
Although cloud services are provided and administered by a third party, the responsibility is shared. Your organization plays a role in determining what applications and workloads can live on the cloud.
“Some of the less sensitive applications and workloads are a good starting point for migrating into the cloud,” suggests Jones. “Sensitive data and applications should be run in-house.”
Archiving your email through Barracuda cloud storage solutions, for instance, may be the place to begin — whether to manage email growth and capacity, provide centralized management and control over centrally and locally stored legacy email messages, or enforce compliance and information management directives.
Even before migrating data or applications to the cloud, organizations should consider that departments or employees may already be doing so on their own. It’s critical to develop a strategy to include “shadow-IT” cloud adoption, says Jones. He explains, “Shadow-IT poses a huge risk because IT has no oversight and control over the data, and sensitive information may be exposed.”
Additionally, while providers can offer recommendations, practices ranging from password policies to regular data backups are often the obligation of the cloud user. It’s important to train employees on these best practices. It's also important to guard against the risks of rogue IT access that happens from within your organization’s walls before an employee’s last day.
3. There's a lack of transparency with cloud.
One concern many have is that governance is hindered due to a lack of transparency or visibility in cloud environments. “Transparency and governance apply just as equally to the cloud as the internal data center,” says Jones.
He adds, “Several of the top-tier cloud service providers have certifications and Service Level Agreements (SLAs) in place to ensure transparency and governance, or compliance concerns are addressed.”
For instance, Symantec ensures compliance with external regulations and internal policies for securing and managing sensitive data. And its field specialists offer certified expertise in enterprise security, data protection, archiving and e-discovery, data loss prevention and IT compliance wherever they go.
Internally, it can take a lot of resources and effort to comply with these certifications. Because of the rigor it requires, many companies don’t have the ability to achieve this on their own. Look for providers who use CloudTrust Protocol (CTP), which outlines the appropriate processes and data for cloud migrations and helps inform risk management decisions.
You won’t be able to leverage the benefits of the cloud if you focus too heavily on the myths. As you’re considering your options, find out more about Insight’s cloud solutions.