The recent celebrity iPhone hacking epic has reopened the debate: are systems hosted in the cloud less secure? Sure, iCloud is not really the same thing as a software-as-a-service (SaaS) platform that a business would use. Sure, it hasn’t really been confirmed that iCloud security was the even issue. It doesn’t matter. Right or wrong, the issue has reignited that icky feeling you get when you think about someone hacking the data that isn’t stored within the walls of your office.
But, rest assured. That icky feeling is not necessarily justified. Cloud solutions are not inherently a security risk simply because they are cloud-based. The numbers show quite the opposite, in fact. Even better? There are steps you can take to ensure you understand the implications of adopting specific cloud solutions, further mitigating your risk.
Understanding Security and the Cloud
The argument goes that once you store your data (often sensitive data about customers) outside the walls of your office, you relinquish control. By doing so, you put the management of your business’s risk in someone else’s hand. That puts your business, and probably your job, on the line.
But, there’s a logical fallacy to this argument. It assumes that you ever had control when the data lived within your four walls. It assumes that your data was completely safe, because you were watching it. For most organizations–where IT security simply isn’t a core competency–this just isn’t true. You can look at Target and Home Depot as popular examples. There are many more.
Organizations tend to find cloud solutions more secure, and the numbers back this up. Last year, Microsoft performed a double-blind study to determine just how secure or insecure cloud solutions were for small and medium sized businesses (SMBs). The results are telling. Per the study results:
- 94% of U.S. businesses said that their security improved in the cloud.
- 75% claimed that service availability improved in the cloud.
- 91% said the cloud made it easier for them to satisfy compliance requirements.
How about some of these statistics, compiled by Silicon Angle, earlier this year:
- 82% reported saving money by going to the cloud.
- 80% of business reported improvements after six months of being in the cloud.
Do those numbers tell the story of a hacker’s paradise?
Evaluating Cloud Platforms
These numbers show that, in general, moving to a cloud-based solution tends to improve security. Yet, despite what the data says, there is no such thing as 100% secure (cloud or no cloud). Not all cloud platforms are created equally. Understanding what makes them different means you can evaluate platforms, intelligently, to mitigate these risks.
When evaluating cloud-based technology solution vendors, keep the following in mind:
- Understand “cloud-based” versus “cloud-capable”. The former probably means what you think. The latter may mean nothing.
- Consider the cloud infrastructure provider that the solution uses. Reputable providers like Amazon Web Services and Rackspace are likely to provide a more stable, secure environment. If you ask and the vendor won’t tell, consider it a warning sign.
- Clarify whether your solution will run on dedicated or shared hardware. Shared hardware can mean that someone else’s processing volume can impact your application’s performance.
- There are many shades of gray between “dedicated” and “shared”. Ask potential vendors to be very clear what you are getting.
- Make sure you completely understand your vendor’s service level agreement (SLA), regarding uptime and performance. Vendors who offer a clear, no-funny-business SLA are likely capable of backing it up.
- Ask for verification that potential vendors are in fact secure and performant. They should be able to provide relevant certifications, statistics, and/or customer references. Make them prove it.
Cloud or no cloud?
As with any technology evaluation, you need to perform due diligence. You need to ensure you fully understand the details of the technology, how they manage security, and what happens when something goes wrong. While no solution can ever be completely rock solid, the good ones are pretty darn close. (Let us show you just how hardened our cloud platform is.) And, the numbers show that, in general, moving to a cloud solution brings some pretty nice benefits–tighter security included.
The key to selecting the right technology is knowing what to look for. Don’t be afraid of the cloud to be afraid of the cloud. Embrace it, smartly.