Security is quoted often as one of the main inhibitors in the adoption of cloud computing. A cloud security policy focuses on managing users, protecting data, and securing virtual machines. So is the cloud really insecure? Should companies only place low risk workloads on the cloud?
It surprises some that cloud can actually be more secure than a traditional IT environment. A traditional IT environment requires the use of many different devices and tools to manage the infrastructure. Cloud on the other hand, is managed centrally. If there is a well managed cloud environment, the security can be more efficient. Cloud providers also have implemented a logging and auditing system that traditional enterprises can’t perform themselves. With this centralized security management, a provider has the ability to deliver security control to all of the company’s assets.
Even though a cloud can be more secure than a traditional IT infrastructure, there remain concerns surrounding security:
- If my cloud provider exits the market, what happens to all of my data? Is it still accessible?
- Because my information is available over the web, is it more vulnerable?
- When I terminate a contract with a cloud provider, will my data be deleted, and can I be assured it is removed?
These are valid concerns, and with 40% of enterprises planning on using the cloud, they need to be addressed.
Harold Moss, the IBM CTO of Cloud Security Strategy, has spoken on how cloud is fundamentally more secure than traditional IT environments. He says cloud vendors are able to invest greater resources in security for their servers. In a traditional environment, security can be “bolted on” after the fact whereas in a cloud environment, it is integrated throughout the whole infrastructure. Cloud represents a centralized model that allows for higher quality without incurring high costs.
Check out this video with Harold on cloud security on IFV News: