Are recent big profile hacks a result of vulnerabilities in cloud security?
Go back a few years, and it wasn’t difficult to find concerns being expressed about cloud security. For while businesses could see obvious advantages to running their core enterprise systems in the Cloud, such a move undeniably meant having to rely on Cloud providers for security, rather than their own IT security experts.
And a succession of high-profile data ‘hacks’ only reinforced those concerns about cloud security. Senior business managers may not be experts in IT, but they certainly take note when—as at American retailer Target in late 2013—immense reputational damage and abrupt boardroom departures followed the theft of the personal data and credit card details of up to 110 million customers.
A similar data heist at Sony Pictures saw hackers target the company’s central administrative IT systems, stealing a wealth of embarrassing data, documents, and unreleased movies.
Even the United States government itself has been hacked: just last year, the personal data of every United States civilian federal government employee—reportedly some four million people—was stolen from servers belonging to the United States’ Office of Personnel Management.
And not surprisingly, concerns about cloud security are only exacerbated by such high-profile hacks.
Cloud security: smoking gun?
But here’s the rub. In the vast majority of hacks, the Cloud is only minimally involved, if at all, rendering such concerns largely irrelevant. Cloud security, in short, is not to blame.
Dig deep into how hacks occur, and it’s the usual mix of carelessness, sloppy data security practices, poor training, and downright stupidity. And not cloud security.
At Target, for instance, the data breach took place despite Target’s IT function investing in a sophisticated intrusion detection system—which had duly issued warnings that intruders had been detected. But the warnings were ignored.
At Sony Pictures, meanwhile, the attack was made much easier by Sony’s habit of storing system passwords in a plain text system directory named ‘Passwords’.
And the conclusion is obvious. On-premise or in the Cloud, if a business’s security practices are lax, then the risk of a security breach is heightened. It’s not so much where data is kept, but how securely it is kept.
Cloud security: is on-premise security worse?
And gradually, this message about cloud security versus on-premise security is getting across. Particularly among small and medium-sized businesses, which have always struggled with ensuring adequate levels of IT resource when it comes to security.
The plain truth: IT security—whether cloud security or on-premise security—comes at a price, and requires security experts appropriately skilled in the necessary protocols and procedures.
But when your IT department is largely comprised of a few generalists, chiefly concerned with keeping the ERP system running and supporting end-users, then it’s all too easy for those security skills to become out of date. Likewise, it’s also all too easy for security issues to be sidelined due to pressure of other work.
Cloud security: goodbye resource constraints
And with that realisation, comes the recognition that for many such businesses, it’s not difficult for cloud security to actually be more secure than on-premise security.
The major Cloud providers are large enough to afford to hire professional IT security experts, skilled and certified in the issues relating to cloud security. And the major Cloud providers are also well aware of the reputational damage that would stem from a major cloud security breach. Far from fighting for resources, in the Cloud world, cloud security is a high priority.
And in contrast to a typical business managing its own on-premise security, the cloud security environment managed by a Cloud provider’s cloud security experts is far more homogenous than the typical business—making the task of cloud security much simpler.
Cloud security: making the call
Put it all together, and a little thought reveals that many concerns around cloud security are misplaced.
Sure, IT security is important.
But far from being less secure than on-premise security, there are good grounds for thinking that cloud security can actually be more secure than on-premise security.
Are you evaluating Cloud Business Intelligence solutions? Download our free complete guide below to find out more.