No matter what industry you’re in, organizations considering adding cloud-based services and applications typically meet some kind of resistance. Adopting new (and even not-so-new) cloud technologies often means clearing a few hurdles about security.
Healthy skepticism is certainly valuable, especially since the cloud is a completely different environment with operational complexities unlike on-premises solutions. It merits in-depth discussion. When you have those conversations over security concerns, make sure you’re addressing actual security concerns and not spinning your wheels on misconceptions with these three tips.
1. Don’t confuse concerns about control with security
“Anything that can be possibly accessed from outside — whether enterprise or cloud — has equal chances of being attacked, because attacks are opportunistic in nature,” cloud expert David Linthicum said, “The physical location of your data matters less than the means of access.”
Like any IT platform, cloud technologies need a strategic, detailed security program. Look at the existing security programs in place for your on-premises implementations. What protocols would you need to revise for a cloud environment? Create a clear delineation of what security areas you expect your cloud service provider (CSP) to provide and what your organization will control.
2. Give credit where credit is due
“Those who build cloud-based platforms for enterprises typically focus more on security and governance than those who build systems that will exist inside firewalls,” said Linthicum.
In other words, your local machine presents more opportunity for compromise than a remote data center. This is due, in large part, because of our insecurity about security. CSPs are hyper-vigilant about security because they have to be, employing state-of-the-art technologies to secure their data centers to alleviate our collective paranoia about the cloud while many onsite server rooms sit behind a closed, sometimes locked door.
The inherent redundancy of cloud solutions is arguably safer than physical storage. Locally-stored data is vulnerable. Onsite backups may be lost to fires, hurricanes, or other natural disasters. One hard disk failure could result in the loss of hundreds of gigabytes of data. You typically need up to three failures occurring at the same time at multiple locations to lose data on the cloud. And, often even that “lost data” is often recoverable.
3. Comfort leads to complacency
Like people, organizations can get too comfortable. Concerns about changing your operating environment might actually just be concerns about the overall change itself, not the environment. This is why it’s important to know what your organization is seeking to achieve with cloud solutions or services. A languishing legacy system that’s outlived its upgrade path doesn’t offer any value to your organization, even if everyone knows how to use it. It only adds costs — both in terms of total cost of ownership, but also in lost opportunities. These systems can’t offer your organization the advantages — like cost optimization, improved access, and speed-to-market scalability— that cloud solutions can.
In today’s market, legacy systems can quickly become liabilities. Teaming up with an experienced CSP helps take the guesswork out of cloud technology. Together, you can create a cloud strategy that includes the security capabilities you need to keep your data safe and your IT execs from losing sleep.
About the Author
Synoptek is an established firm that provides information systems consulting and IT management services. Synoptek and its predecessors have been providing these services for 23 years.