This blog was originally published by WatServ here
Is the Public Cloud Secure?
For as many years as the public cloud has been around, so has been the debate over whether or not it’s secure.
When AWS launched in 2006 and Azure shortly thereafter in 2008, the public cloud was considered uncharted territory. IT professionals didn’t know whether to trust it or be weary. This was much like in the early 2000s when virtualization technologies became financially possible for smaller organizations, yet many companies chose to stick with physical servers. It was only after years of repeated use and testing did organizations view the technology as safe and worthy of adoption.
We’re seeing a similar trend with the public cloud. As more companies test and adopt the technology, it has matured and established a strong foothold in the market. However, despite the trend towards widespread adoption, some IT professionals continue to approach it with skepticism.
Here are answers to three questions often asked about public cloud security.
1. “When it comes to security, is the public cloud weaker than on-premise implementations?”
This is a large and deeply debated topic. To cut to the chase: No. In our opinion, the public cloud is not weaker than on-premise implementations. Sure, this may have been the case years ago, but today, the public cloud has matured considerably.
The strength of technical and non-technical controls offered by public cloud service providers like Azure, Google Cloud Platform and AWS is significantly higher than most on-premise implementations. Even if you compare the public cloud to large data center providers, the public cloud has more security features implemented lower in the technology stack by default, which are “invisible” to customers (if you consider the shared responsibility model). As a result, customers are required to manage more controls on data center implementations.
2. “In my own data center implementation, I’m in control of security. So, doesn’t that mean I can make it more secure than a public cloud service?”
If you’re in control of your environment in a data center setting, yes, you can theoretically definitely make it more secure than anywhere else. However, seldom do companies do so. In fact, studies show that organizations rarely dedicate enough resources to do even 50% of what the public cloud service providers do in terms of security measures. Additionally, public providers are heavily certified – much more so than most customers or data center providers could ever achieve.
The major security risk of the public cloud lies in the fact that customers often believe once their workloads (or data) are in the cloud, they are secure – which is not true. Customers often forget that security controls are not “out of the box” in the public cloud, and instead are the customer’s responsibility as per the shared responsibility model. If this is not managed properly, it can result in major gaps and vulnerabilities, ready to be exploited by hackers. To put this into context: According to Gartner, by 2025, 99% of the cloud security failures will be the customer’s fault.
3. “Is the public cloud attacked more frequently?”
As its name implies, the public cloud is public. So, by its very nature, the public cloud is more exposed. In one sense, as the public cloud becomes home for big brands and companies, one can argue that these big brands are putting a target on the back of their cloud service provider. Yet, on the other hand, as service providers become a target, they’ve also evolved at an impressive pace. The threat of attacks, intrusion attempts and so on has spurred innovation to improve defense controls to the extent that it’s now hard to match the level of experience outside of a public cloud provider.
In conclusion, if you’re considering a move to the cloud and have questions about its security, you’re not alone. Although the cloud has proven to be the best option for many companies, it’s important to understand public cloud’s shared responsibility model and put in place a robust security plan before making the move. With those pieces in place, the cloud can offer a highly secure, resilient – and not to mention cost effective – environment that will benefit you today and over the long term.
Need help managing your cloud security and operations? Our team of cloud security experts can help. Contact us today to get started.