Why is the cloud perceived to be insecure?


Security is one of the most commonly-cited reasons why Enterprise and Public Sector customers are reluctant to embrace cloud computing, notwithstanding the many benefits it offers in other respects.

On the surface of it, it would almost seem that the question doesn’t need asking. After all, the very term cloud implies a degree of opacity – a lack of visibility as to where resources (applications, data, compute, storage, network etc.) are actually located. It would also appear to apply a similar lack of transparency as to who controls those resources – who sets policy, who enforces policy, how compliance is audited, and so on. Furthermore, the fact that access to many cloud-based services can be provisioned through a browser in no more time than it takes to enter an email address and a credit card number adds to the impression that this is not Enterprise-Class technology. It is entirely reasonable for businesses to be wary of the security risks posed by putting “crown-jewels” data assets in the cloud.

Does this mean, then, that Enterprises should simply stay away from the cloud, in spite of its obvious and well-publicized business transformation benefits and economic advantages?

In order to answer this, it is important to recognize that there is actually no such thing as “The cloud”. There are several well-accepted cloud paradigms and for each paradigm, there are multiple (and in some cases many) commercial service providers to choose from. The first thing that an Enterprise must do when considering a move to the cloud is to understand the business goals it wishes to obtain from the migration and then determine which, if any, of the cloud paradigms have the potential to fulfil those goals, while respecting the security considerations we have been discussing.

So what, precisely, is it that Enterprise cloud providers offer that makes their environment more secure, in the sense that we have been using the term, than Public cloud providers?’

Very simply – they do not “cloud” the data. In an Enterprise-class cloud environment, although the compute will be multi-tenant, the data will not. From a data security standpoint, an Enterprise cloud provider will:

  • Physically separate each customer’s data onto separate physical disks, even if using virtual storage solutions
  • Only store that data in data centers known to and approved by the customer for that data
  • Manage the back-up and/or replication of that data in a predictable manner, as set out in either published terms and conditions or a bespoke SLA
  • Provide an advisory service as an integral part of the onboarding process to ensure that the customer’s security requirements are fully understood and reflected in the migration process and the deployment architecture
  • Provide full audit capability at all times so that the customer can ensure compliance with the terms and conditions or the bespoke SLA

To learn more about building your organization’s private, hybrid, public, or community cloud on xStream, please email to Mike.Palmer@colt.net.

Case Study

OneAsia Network Limited

Colt Hong Kong Metro is adopted as a network for connection between data centres and financial hub…

Related Product
Network encryption circuit illustrating end-to-end encryption

Network Encryption Services

Protect sensitive data in motion with Colt IQ Network Encryption Services. Effective network security relies on multiple layers of defence, not just at the edge and core of the network but also along the network path. …

Blog
People working at a modern network services company

Colt, Semafone and PCI DSS compliance

Colt has partnered with Semafone to provide its Cardprotect solution for organisations taking payment from customers over the phone, in line with the PCI DSS regulation. …

Live chat with sales

For all your purchase enquiries.
Monday - Friday 9am-5pm

Chat with us

Contact our business sales team