Cloud Security

Cloud myths debunked

While the cloud might be the status quo for many modern enterprises, it still remains a topic of contention. Traditional on-premise infrastructure that is cumbersome, expensive and difficult to support and maintain is being reimagined through the cloud, but many organizations still hesitate to move to the cloud. Why? Enterprises perceive problems they believe the move could incur—including security issues, complicated reconfiguration of systems and applications and a lack of control over sensitive data, among other reasons. 

But businesses must take advantage of the cloud in order to keep pace with a rapidly evolving market, not to mention today's security threats. We can't continue to rely on traditional appliances and solutions that have failed to keep up with the new cloud norm. In support of this change, I've outlined four cloud myths that keep enterprises from making the leap and why they're wrong.

Myth #1: We don't really use the cloud – You may believe you don't use the cloud, but you're wrong. The advent of BYOD (bring your own device) and the hundreds of productivity apps now available to employees means “shadow IT” is a reality for any large business. App downloads are predicted to reach over 268 billion by 2017 and employees routinely download and use their own cloud applications – like Dropbox or Evernote – whether they are sanctioned by their business or not.

"...control should not be tied to a platform or location.”

The cloud's momentum is unstoppable as the consumerization of IT continues to push personal cloud apps into the enterprise and traditional enterprise apps – like Office 365 – move to the cloud. As a result, it's no longer viable to say “no.” IT must go from “Block or Allow” to “Manage and Monitor.” Businesses must use network data to better understand employee behavior. In doing so, businesses can implement the cloud apps that employees need to be productive in a manner that doesn't expose the company to unnecessary risk. 

Myth #2: Hardware appliances are more reliable and grant more control over scale and performance – Physical appliances only offer the illusion of greater reliability and control. Many enterprises are not focused on appliance security, or developing and maintaining IT solutions because they remain cost centers. Although there seems to be more control, the on-premise approach often only keeps appliances around longer than they should with lackluster maintenance that gets complicated with increased scale.

On the other hand, cloud vendors live and die by their reputation and can afford to invest in the best resources because there are economies of scale. It also makes the growth and management aspect of business infrastructure much simpler. To compare, appliances require planning for anticipated demand, while the cloud permits paying for actual consumption as you go. Cloud elasticity also places the burden of resource planning on the vendor. Ultimately, scaling appliances can add complexity to the overall architecture, where cloud does not require major architectural changes.

Myth #3:  We lose control of our data – Moving data to the cloud does not mean you lose control over it. It is possible to implement adequate controls and security by isolating and understanding what data is sensitive and finding a cloud vendor that meets your needs. Put simply, control should not be tied to a platform or location. Data portability should be a requirement, as data should remain under corporate control but also remain accessible. But remember, not all clouds are equal. 

Myth #4: The cloud is less secure than on-premise solutions – Many of the recent high profile data breaches involved data stored on local systems, but cloud computing it still perceived as less secure. However, it's not a lack of security, but more of an issue of trust—like in the case of data ownership. 

In fact, a cloud model allows customers to focus on using apps instead of maintaining them. Your cloud provider is responsible for maintenance and adding new capabilities is as simple as enabling features instead of re-architecting your infrastructure. 

Cloud vendor resources are also less open to attack. Local solutions are less likely to implement strong data security and monitoring despite being typically Internet facing to accommodate remote users. While on the other hand, hypervisor vulnerabilities are rare and successful attacks even more so. Customer data is also properly encrypted and encoded by the latest standards, which is far less likely in a proprietary, on-premise solution that is not always updated.

According to a recent RightScale study, 93 percent of enterprises report they are adopting cloud computing in some form. Those that haven't should ask themselves if they are succumbing to these cloud myths. The world is shifting and you don't want to be caught lagging behind. 

Patrick Foxhoven is CTO of Zscaler.


Related

New Muddled Libra attacks set sights on cloud

Attacks by the Muddled Libra threat operation — also known as UNC3944, Scattered Spider, Scatter Swine, and Starfraud — have been redirected at cloud service providers and software-as-a-service apps as part of efforts to bolster its data extortion efforts, reports The Hacker News.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.