Does Using a Cloud Service Provider Increase An Organisation’s Security Risk?
Security within a cloud computing environment is a hot topic and one of the most debated subjects when considering any Cloud implementation. Whilst there are valid concerns, an important false perception still exists which needs to be dispelled forever.
Perception Using a Cloud Service Provider Increases An Organisation’s Security Risk
Where systems, data or both are moved into the cloud and away from an organisation there is a false perception that control is lost and the risk of data loss is greater removing any possibility of gaining business justification.
The major cause of the fear in many organisations is the perception that moving to the Cloud brings about a loss of control and instigates a higher level of risk. As most organisations currently locate, manage and support computers systems within their own data centres or computer rooms staffed by the company’s employees, it is easy to understand why a company’s viewpoint is of complete control is low risk.
However, when comparing a cloud service provider to an IT department, it is important to realise an IT department is a function of a larger organisation whose end product may have nothing to do with IT, whereas the cloud provider is a commercial supplier whose key product is their cloud, consequently the cloud provider has a huge vested interest in ensuring the highest-class service from the product their business is based upon.
To be very clear, there have been many high profile cases surrounding the loss of data over the years that has seen security become the key question of the customer when opening discussions with a cloud service provider. Importantly, cloud service providers typically invest in some of the best and most sophisticated security solutions available, whilst these solutions may often be way beyond the budgets of many organisations, they are made affordable using the cloud service provider’s economies of scale.
Security delivered by the cloud service provider considers all aspects. From the data centre facilities that are often built “like Fort Knox”, through to the networks entering the data centre where multiple paths from multiple providers are established and then through into the core systems where expensive intrusion detection and auditing systems ensure that the provider is fully protected and aware of what is going on across all their customers networks.
Reality – The cloud and cloud service providers will often provide higher levels of security than can be achieved by a normal IT department and the security available not only has more strength but also much more depth.