Myth Busting Cloud Security – How Secure is the Cloud?

During my time in the industry, I’ve had many people ask me what is the biggest surprise or challenge that I’ve come across. Perhaps it's not surprising that it’s been dealing with the common misconception that the cloud is less secure than on-premises solution. This myth is exacerbated by the ambiguity that exists in many organisations, around cloud computing in general.

March 16, 2022

Why do On-Premises and Hybrid solutions present a higher IT security risk? 

 

It’s based on IT security being primarily grouped into two factors - physical and virtual security.   

In all environments except Public Cloud, both physical and virtual security must be understood, architected, and maintained by IT staff. IT team profiles are regularly profiled as being time poor, challenged by budgets and not able to keep up with the training required to stay ahead of the curve on all elements of IT.

By moving to Public Cloud, organisations can outsource the physical security elements, while maintaining responsibility and control of their virtual IT security architecture include policies, data protection, user access, networks and their software.

Yes, you would hand over physical security, but you are almost certainly doing this to an organisation better equipped to manage these environments.

This is represented by AWS in their ‘Shared Responsibility Model’ where they define their responsibility as “Security of the Cloud”, with organisations only need to focus on “Security in the Cloud” – which is the same virtual security practises they need to have in on-premise environments today.

 

Cloud Security AWS Model shared responsibility
aws.amazon.com/compliance/shared-responsibility-model/

The Scout Motto – “Be Prepared”.

In summary, it’s important to remember that your workloads are not secure by default, in cloud or on-premises. Your team (or IT partners) must understand the shared responsibility models with each Cloud provider.

By leveraging the tried, tested and certified physical security of Public Cloud providers – you will not only have an environment which is ‘as secure’ as your own, but will find that you can surpass anything you can achieve in-house.

If you’d like to have a conversation around cloud security or any other IT risk related items – feel free to get in touch.