A recent survey of IT executives revealed that the majority executives rate security higher in public cloud than in their own data centers. Security has always been considered a risk factor associated with using public cloud services. It is often cited as the number-one showstopper when it comes to moving sensitive data to the cloud. However, there’s a growing sense that things may be more secure in the public cloud, especially since cloud providers pay a lot of attention to it, and make it their business to keep up with the latest security technology.
The survey was conducted by SADA Systems, who specialize in cloud migrations, so it’s to be expected they would want to demonstrate that cloud security fears are waning. But this is a trend that truly appears to be evolving in recent years, with an awareness that data security is becoming too complex a topic. With external and internal security threats becoming so relentless, end-to-end security is just too much for a corporate IT department to attempt to handle it on its own.
The survey’s key takeaway was that IT managers are more confident in the security and reliability of public cloud than they used to be, and as a result they are running more data and applications on public cloud infrastructure. The survey found that 51 percent said data security is better in the cloud than in their own data centers, and 58 percent said public cloud was the most secure, flexible and cost-effective solution for their organizations. In addition, 13 percent said they “trusted public cloud providers more than their internal teams” to handle data and applications.
Still, a majority, 51 percent, still said concerns about data security prevented them from adopting public cloud sooner. At least 54 percent said a major data breach or downtime issues experienced by public cloud providers might preclude them from using more public cloud infrastructure. The prevailing view is that if there is going to be a security breach, it’s better to have your own than to suffer someone else’s.
Thus, as comfort levels keep growing when it comes to cloud, security still needs to be the front and center concern when you are relying on someone else to manage your data and run your applications. The key is that while cloud providers may have all the bells and whistles for security solutions, along with the right training and certifications, the cloud customer still needs to take accountability over security. The customer needs to understand their vendors’ security protocols, and embed security strongly into service level agreements. Cloud customers need to do their due diligence and get to know what and how vendors are providing security.
Other issues affecting public cloud adoption focus on control, or the loss thereof. At least 40 percent of IT executives said they were hesitant to move to public cloud services due to concerns about stability and public cloud’s long-term viability. If a cloud service provider began to hit a financial slump, 34 percent would back away from that vendor. Another one-third were concerned with costs escalating beyond their control.
The survey also finds that 84 percent of respondents are using public cloud infrastructure today, led by Google Cloud Platform, Microsoft Azure and Amazon Web Services. Migrations to public cloud typically take three to six months to accomplish according to 45% of the survey respondents, and 23 percent said it took less than three months.
So companies need to think critically about whether they can get better security in a public cloud environment than they can by hosting their own data. An excellent article in InfoWorld written by David Linthicum encourages IT groups to consider that hackers target systems that are easier to breach, and that is proving to be enterprise data centres. There are numerous examples of breaches due to vulnerable or out-of-date systems that are just not as securable due to the aging infrastructure. As concluded in this article: “The bottom line is that any system, whether cloud or on-premises, is only as secure as the amount of planning and technology that goes into the data and applications. Cloud providers have done a better job, both because they have to and because their newer technology makes out easier for them to do so. IT should be taking advantage of that cloud security focus, not ignoring it.”
For assistance with your cloud strategies, or an assessment of your existing data security profile, contact PRIVATECH.