Is the Cloud (More) Secure?

Last updated Apr 17, 2015

For all the research I’ve done for this article I’m convinced the Cloud is no more and no less secure than any other IT system.

Why, you ask?

There’s a perception the Cloud is either “safer” or “more vulnerable” than internal networks.

Sometimes the concern for vulnerability is mistakenly based on the distance of computing activity from the computing power, or whether the source of data is wired or wireless.

Most IT professionals cite cloud security as a high priority, but a whopping 82 percent also trust it enough to use it. There are suggested reasons why, keep reading.

Same Weaknesses

Technology services can be sourced in five basic ways for an organisation:

1. Conventional internal data centre
2. Private internal Cloud
3. Private service Cloud
4. Public Cloud
5. A combination of both Cloud and conventional

A typical Cloud storage system architecture includes a master control server and several storage servers.

Let’s look at what can go wrong.

The same weaknesses that plague conventional systems, plague Cloud-based systems. What typically changes when buying service from a Cloud provider is the cost of breaches and how “intimate” the risk is for the organisation to manage.

Risks include:

Simple user error, lack of education and mischievous and malicious challenges
Hardware glitches, obsolescence and simple service outages
The level of investment in sensible redundancy, firewalls, protective software, disaster and contingency plans
Inadequate budget and action plans to manage and assess the impact of risk and how risks are triaged and treated
Vendors and/or partners who are unreliable, too eager or inexperienced, who promise services and time frames too good to be true and/or too “cost-effective” to be true.
Worms and viruses still stalk anywhere people are trying to work or play with technology.
Damaging security breaches, spam (purposeful and playful), thief and disclosure of confidential data, denial-of-service attacks and even terrorism.

Cost of Breeches

As corporate systems have become accessible through the Internet, attacks on Web sites and networks have proliferated. Today, it’s estimated that nine out of ten companies experience unauthorised intrusions into their networks every year with a total cost from resulting damage running to $USD 17 B annually. Malicious computer misuse such as hacking and virus writing will cost the world economy an astounding $1.6 (£1.05) trillion this year, according to a new Price Waterhouse research study.

IT disruptions, regardless of conventional or Cloud based, are not only costly, they can paralyse a company’s ability to function and damage brand and reputation significantly. Yet few companies have done a thorough job of identifying and tempering their vulnerabilities.

Frog In A Pond Now

Many decision makers are hesitating to consider the Cloud because the thought of valuable and proprietary information floating around in a soft, fluffy cloud seems too risky (even for individuals).

Unbeknownst to some CIOs — like placing a frog in a cold pan of water and slowly turning up the heat — the Cloud has grown to where they’re not aware it’s too late to disengage from it.

There would be few organisations that are strictly conventional or Cloud-based; most are using and exploring a combination of ways to meet their growing needs.

Furthermore, while experience shows that legal and regulatory compliance is often a complex challenge for many organisations (and can vary from one region and industry to the next) only 18 percent of respondents in a KPMG survey said it was impacting cloud adoption within their organisations. “However, this result is likely to be more a function of complacency or lack of awareness of regulatory challenges and risks than of buyers’ skills or prowess at actually addressing these challenges,” according to Shahed Latif, Principle, KPMG in the USA.

This is part one in a series on Cloud Security. Next time: “How to Minimise Cloud Risks”