Security is one of the most commonly cited reasons why Enterprise and Public Sector customers are reluctant to embrace cloud computing, notwithstanding the many benefits it offers in other respects.
On the surface of it, it would almost seem that the question doesn’t need asking. After all, the very term cloud implies a degree of opacity – a lack of visibility as to where resources (applications, data, compute, storage, network, etc.) are actually located. It would also appear to imply a similar lack of transparency as to who controls those resources – who sets policy, who enforces policy, how compliance is audited, and so on. Furthermore, the fact that access to many cloud-based services can be provisioned through a browser in no more time than it takes to enter an email address and a credit card number adds to the impression that this is not Enterprise-Class technology. It is entirely reasonable for businesses to be wary of the security risks posed by putting “crown-jewels” data assets in the cloud.
Does this mean, then, that Enterprises should simply stay away from the cloud, in spite of its obvious and well-publicized business transformation benefits and economic advantages?
In order to answer this, it is important to recognize that there is actually no such thing as “The cloud”. There are several well-accepted cloud paradigms and for each paradigm, there are multiple (and in some cases many) commercial service providers to choose from. The first thing that an Enterprise must do when considering a move to the cloud is to understand the business goals it wishes to obtain from the migration and then determine which, if any, of the cloud paradigms have the potential to fulfil those goals, while respecting the security considerations we have been discussing.
So what, precisely, is it that Enterprise cloud providers offer that makes their environment more secure, in the sense that we have been using the term, than Public cloud providers?
Very simply – they do not “cloud” the data. In an Enterprise-class cloud environment, although the compute will be multi-tenant, the data will not. From a data security standpoint, an Enterprise cloud provider will:
- Physically separate each customer’s data onto separate physical disks, even if using virtual storage solutions
- Only store that data in data centers known to and approved by the customer for that data
- Manage the back-up and/or replication of that data in a predictable manner, as set out in either published terms and conditions or a bespoke SLA
- Provide an advisory service as an integral part of the onboarding process to ensure that the customer’s security requirements are fully understood and reflected in the migration process and the deployment architecture
- Provide full audit capability at all times so that the customer can ensure compliance with the terms and conditions or the bespoke SLA
To learn more about building your organization’s private, hybrid, public, or community cloud on xStream, please email Mike.Palmer@colt.net.