Login to your account

Username *
Password *
Remember Me

Create an account

Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Captcha *
Reload Captcha

Is The Public Cloud Safe?

Written by  Guest Contributor - John Mills, Cloud Security Expert Feb 09, 2020

As more and more organisations migrate to the cloud, there are the inevitable questions that arise around its safety and security.

Enterprises in particular need to know that their data is going to be secure if they choose to embrace a cloud-based model, particularly a public cloud. The biggest utterance I hear over and over is that “the public cloud is not safe because it’s easier to attack, and then anyone can access my data.” What we’re seeing, however, is that this statement is simply not true. The simplest way to explain the public clouds untruthes is to look at each component separately.

The public cloud is not safe (False).

When public cloud technology was new, there were concerns that it did not provide the requisite levels of security to keep data safe. These concerns were valid as the technology was not yet proven; however, this is no longer true. Cloud providers now have years of experience, dating back to the early 1990s when modern cloud computing was first introduced. Over the decades, they’ve fine-tuned data and application access, ensuring strong governance, rights management and systems monitoring.

Cloud Computing Security: Foundations and Challengesamazon uk

While the focus for on-premise and cloud-based IT is the same – to ensure application availability and security – cloud providers are able to scale this approach across multiple businesses and geographies. This scale and experience means that public cloud solutions, as long as they are well-managed, can actually prove more secure and reliable than their on-premise counterparts.

The public cloud is easier to attack (False).

Many enterprises think that embracing the public cloud is tantamount to placing all of their digital eggs in one basket. The concern here is that if the provider is attacked, all access to their data – and therefore the ability to conduct business – could be lost. In most cases, however, a successful attack requires there to be an unpatched vulnerability in order to gain access. As we know, keeping up-to-date with patches is one of the biggest challenges for any organisation.

A key benefit of the public cloud is that the provider takes the responsibility for patching and monitoring the network, as well as adding extra layers of security to separate internal network systems from externally accessible applications and data. By adding in this third-party vendor whose responsibility is to keep their systems up to date, it actually can bolster security and help keep data more secure than it may otherwise be if held within your organisation.

passwordsAlso see: Strong Passwords Matter

In the public cloud, anyone can access my data (False).

One of the biggest concerns people have with public cloud is the worry that they will lose control if they entrust it with their data. By essentially relinquishing a stronghold on the data, there are understandable questions about how secure it could possibly be. However, one of the key benefits that SaaS providers grant is data privacy. In fact, I would go as far to say that data in public cloud is harder for the “wrong people” to access than on-premise data.

For example, public cloud data is protected by authentication controls, which are constantly monitored by the cloud provider. And remember, it’s not just your data they are monitoring, but it’s many other customers as well. This ensures that should anyone try to breach your data for any cloud application instance, changes can be made in near real-time to automatically enhance cloud protection for all of the cloud provider’s customers. At the same time, individual businesses’ data is protected from access by others, such as competitors, as it is multi-tenanted. That means each data instance is unique and unaware of other data, using secure keys to obfuscate and prevent leakage. That makes it extremely difficult for an unwanted entity to access your information.

cloud security
The reality

In the end, the biggest truth about security in public cloud is that it provides security at scale. As a single organisation, everything you do is at a scale of one. You might learn from peers, monitor systems and patch and update applications, but there is no shared benefit to this approach. And, with the widely-documented shortage of skilled cybersecurity professionals available, it can be hard to keep up.

We often talk about the benefits of shared resources and information, particularly with cybersecurity. Think about how useful it is for security vendors to share threat information for the mutual benefit of their customers. It’s the same for customers within a cloud provider. As the customer base grows, as the provider monitors across multiple geographies and deals with attacks on a global scale, all of their customers will benefit. Any change enabling stronger public cloud security made by the provider for a single customer is automatically applied globally – ensuring stronger security for all.


1 comment

  • Michael John
    Comment Link Michael John Wednesday, 26 February 2020 10:08

    Excellent article and very reassuring

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

Advertisement

Popular News

May 06, 2020 IT Security News

Popular VPNs Exposed Users to Attacks

Researchers analysed some of the most popular VPNs and discovered that two of them were affected by vulnerabilities that...

May 22, 2020 Cyber Security

EasyJet will be sued over customer data breach

Legal firm PGMBM, a specialist in group legal action, has issued a class action claim under Article 82 of the General Da...

May 19, 2020 IT Security News

EasyJet data breach: Over 9 million customers affected

The personal data of over 9 million EasyJet customers has been infiltrated by hackers, including over 2,000 users' credi...

May 18, 2020 Cyber Security

UK power grid operator Elexon hit by cyberattack

The UK’s power grid middleman Elexon has announced it has fallen victim to a cyberattack, which did not compromise pow...

May 05, 2020 Cyber Security

The importance of cybersecurity for UK businesses

Technology is constantly changing and at a pace which is hard to keep up with, but 'safety first' always applies. ...

May 11, 2020 Cloud Security News

Tips to help secure your cloud data in the UK

In this digital age, it’s not a great idea to trust someone with your sensitive data. ...

Apr 01, 2020 IT Security News

Online privacy is all but gone, say Brits

Nearly 80% of UK consumers believe they have lost any real control over how their personal data is collected and used by...

Apr 10, 2020 IT Security News

The importance of security for UK office printers

When it comes to digital security, we tend not to think about printers as they are often seen as dumb devices with a few...

May 07, 2020 Cyber Security

Three quarters of UK homeworkers haven't received cybersecurity training

As Covid-19-related cybersecurity threats continue to multiply, three in four of home workers are yet to receive any cyb...

May 14, 2020 IT Security News

Windows 10 is getting DNS over HTTPS (DoH) support

DNS is one of the last protocols that still runs unencrypted on the Internet. ...

Apr 11, 2020 IT Security News

Tips for testing an IT security experts worth in the UK

There is no shortage of people presenting themselves as security experts. Some of them truly are, the others may or may ...

May 20, 2020 IT Security News

To VPN or not to VPN for business users

It’s a question many organisations are asking as they work to provide secure and reliable remote access at scale. ...

May 27, 2020 Cyber Security

UK scared cybercriminals will use NHSX Covid-19 Tracing App to launch attacks

Nearly half (48%) of the UK public surveyed about the NHSX COVID-19 tracing app do not trust the UK government to keep t...

May 25, 2020 Cyber Security

Beware of security threats before deploying remote working

Remote working is receiving a great deal of attention recently for obvious reasons. The world has changed and remote wor...

Apr 22, 2020 IT Security News

Kaspersky shares 10 security and privacy tips when using Zoom

The recommendations from Kaspersky come following recent concerns regarding Zoom's security and privacy. ...

Apr 07, 2020 IT Security News

Eighty per cent of exposed Exchange servers remain unpatched

Over 350,000 Microsoft Exchange servers have not been patched against the CVE-2020-0688 post-auth remote code execution ...

Advertisement
Symantec Home 120x60

Advertisement