There’s no question that the number of cyber attacks is on the rise. More and more these breaches are being covered by media sources outside of the standard IT media world. When Sony and Target experienced their security breaches, CNN and just about every other news source covered it for days. While these large security breaches are covered more widely, cyber attacks are certainly growing and securing the data kept in the cloud is making its way to the top of IT security to-do lists.
Cloud security is certainly an animal in and of itself and there are plenty of non-truths out there that are preventing corporate IT departments from making investments in cloud security. Here are three truths of cloud security that people tend to misunderstand.
Keeping Data On Premise Isn’t Necessarily Safer
There’s a common misconception that data on premise is safer than data off premise but this isn’t actually backed up by independent data. In fact, given that most hackers use employees as an entry point into corporate networks, research shows that attacks are more likely in non-cloud systems than in the cloud. Combined with the fact that the technology used in cloud systems is the same as that employed by on premise networks (hypervisors and VLANs), the human factor is still the biggest security threat to networks.
Cloud Security is Not Self Service
While cloud service can seem simple thanks to self service options for public cloud security policies, these controls aren’t the most important aspects of cloud security. Visibility tends to be a higher priority and this can be challenging, particularly when achieving a view of cloud and non-cloud system interactions. Management tools will often lead to a more complex environment, particularly if they’re aligned with old IT management practices.
You Can Control Your Data in the Cloud
The nature of public cloud storage can be an interesting beast to manage and those who have a heightened sense of concern with controlling their data could see this as a security issue with less than reputable service providers. Understanding the data at rest and data in transit encryption methods being used by your service provider will help to alleviate these concerns, as will understanding your provider’s procedures for accessing customer information.