Why is the cloud perceived to be insecure?

HomeBlogsWhy is the cloud perceived to be insecure?

Security is one of the most commonly-cited reasons why Enterprise and Public Sector customers are reluctant to embrace cloud computing, notwithstanding the many benefits it offers in other respects.

On the surface of it, it would almost seem that the question doesn’t need asking. After all, the very term cloud implies a degree of opacity – a lack of visibility as to where resources (applications, data, compute, storage, network etc.) are actually located. It would also appear to apply a similar lack of transparency as to who controls those resources – who sets policy, who enforces policy, how compliance is audited, and so on. Furthermore, the fact that access to many cloud-based services can be provisioned through a browser in no more time than it takes to enter an email address and a credit card number adds to the impression that this is not Enterprise-Class technology. It is entirely reasonable for businesses to be wary of the security risks posed by putting “crown-jewels” data assets in the cloud.

Does this mean, then, that Enterprises should simply stay away from the cloud, in spite of its obvious and well-publicized business transformation benefits and economic advantages?

In order to answer this, it is important to recognize that there is actually no such thing as “The cloud”. There are several well-accepted cloud paradigms and for each paradigm, there are multiple (and in some cases many) commercial service providers to choose from. The first thing that an Enterprise must do when considering a move to the cloud is to understand the business goals it wishes to obtain from the migration and then determine which, if any, of the cloud paradigms have the potential to fulfil those goals, while respecting the security considerations we have been discussing.

So what, precisely, is it that Enterprise cloud providers offer that makes their environment more secure, in the sense that we have been using the term, than Public cloud providers?’

Very simply – they do not “cloud” the data. In an Enterprise-class cloud environment, although the compute will be multi-tenant, the data will not. From a data security standpoint, an Enterprise cloud provider will:

  • Physically separate each customer’s data onto separate physical disks, even if using virtual storage solutions
  • Only store that data in data centers known to and approved by the customer for that data
  • Manage the back-up and/or replication of that data in a predictable manner, as set out in either published terms and conditions or a bespoke SLA
  • Provide an advisory service as an integral part of the onboarding process to ensure that the customer’s security requirements are fully understood and reflected in the migration process and the deployment architecture
  • Provide full audit capability at all times so that the customer can ensure compliance with the terms and conditions or the bespoke SLA

To learn more about building your organization’s private, hybrid, public, or community cloud on xStream, please email to Mike.Palmer@colt.net.

Make Do

01 June 2015

Recent posts

What is Cloud Prioritisation?

Colt Cloud Prioritisation combines the benefits of optimised routing and direct peering infrastructure with traffic prioritisation between customer router and provider edge router. Customers can reach Microsoft Teams, Office 365, Azure, Windows Virtual Desktop, or any other Microsoft SaaS application with a consistent and SLA-backed user experience. Cloud Prioritisation customers can decide how much of...
Continue Reading

What is BYOC?

Bring your own Carrier (or BYOC) is a concept which has begun to gain more traction during the rise of collaboration platforms such as Microsoft Teams. As Microsoft’s own calling plans do not suit every business, they have introduced ‘Direct Routing’ as a way for companies to integrate their existing telephony vendors into their technology...
Continue Reading

What is CCaaS?

Contact Center as a Service (CCaaS) is a cloud-based software that gives businesses access to the provider’s contact center solution through a scalable, pay-as-you-go pricing model where specific features are available on an as-needed, a la carte basis. CCaaS technology (also called hosted contact center software) is entirely hosted and maintained by the provider —...
Continue Reading