Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

Private cloud deployments don’t own the monopoly on data security

Published 08/04/2015

Private cloud deployments don’t own the monopoly on data security

By Aimee Simpson, Integrated Marketing Manager, Code42

56531783A recent Cloud Security Alliance (CSA) survey shows 73 percent of respondents cited security as a top challenge to cloud adoption for the enterprise.

For this reason, the enterprise majority still requires on-premises, private cloud deployments to achieve data security goals. But should the storage location itself be the primary concern?

Don’t mistake control for security

In the May 7 Forbes article entitled, “Why Cloud Security and Privacy Fears are Completely Misguided,” writer Marc Clark argues that it’s time to stop assuming on-premises deployments are the most secure cloud architecture available. Clark believes IT/IS leaders have confused on-premises access and control of data with true data center security.

When it comes to security, says Clark, the major cloud providers undergo rigorous audits to prove controls and policies meet compliance and security certifications. By contrast, most on-premises data centers do not undergo these same audits. Furthermore, corporate data centers generally do not receive as much budget and attention as cloud providers give to their data centers.

As Clark explains, this “makes perfect sense:”

If a retailer has a data breach, maybe some people don’t shop there for a few weeks or months. Or maybe customers start paying in cash more than by debit/credit card. So although security is important to these types of companies, the fact is that until they have a breach that costs them WAY more than they would have ever paid for better security, they typically aren’t putting the money and resources needed to really stay ahead in the security game. The insurance is considered more expensive than the risk. But for cloud providers, their product IS the cloud—not hammers or hobby crafts or paper towels. If a cloud provider has a security breach, trust is lost in their core product, full stop. And it is hard to recover that trust. Therefore, securing their product—the cloud—should and in most cases does get the money and resources it needs.

Don’t fit a cloud vendor, pick a vendor that fits you

Security is critical, but as Clark explains, it’s possible to find with the right cloud provider.

Ultimately you have to feel as though your cloud provider will take care of your data as well as, or better than, you will. And this is a question of security, not one of control. It’s time to stop assuming that the cloud is a less safe place to put your data than in an on-premises system. That ship (of excuses) has sailed.

It’s after questions of security are answered that control can and should be addressed.

Enterprises should partner with a vendor that, rightfully, doesn’t lessen control of data. At the most basic level, this can be accomplished by keeping encryption keys on-premises regardless of cloud architecture. Such a deployment provides IT with a new realm of benefits like on-demand storage scalability, reduced hardware management and no storage/network provisioning—all while rendering data unreadable to unauthorized people and agencies.

Share this content on your favorite social network today!