The cloud is growing larger every day, with more and more customers either storing their data there or using its other functions. In a time of rapid change, it's easy for the cloud to be seen by some as a panacea to cure their many IT ills, while for others it presents as a source of impending woe.
My current computer systems will work just as well in the cloud as they do today.
Sadly, no. A network requires servers that can be set up either locally or in the cloud. However, servers in the cloud are shared and the management of that sharing incurs performance overhead. This performance hit could impact specialized industry systems designed for on-site servers. As a user, you do not have control over when that might happen.
Virtualizing my servers is all I need for my company to succeed in the cloud.
Virtualizing is the process of taking a given task into the cloud, where a physical server creates a ‘virtual machine’ to help you complete it more quickly than you could on your own. But a virtualized server by itself is not enough to succeed. Just like there is more to a vacation than choosing the destination, success in the cloud relies on the automated management infrastructure around the server working well -- like packing the right clothes for that getaway.
The only way to keep hackers from breaking into my cloud is to build my own.
Not true! In fact, the variety of attacks a cloud sustains can actually make it more secure. That’s because the engineers protecting the network will be able to identify and correct more weaknesses. But that doesn't mean you need to build your own cloud. As your security needs grow, any increase in resources directed towards securing your cloud can provide an advantage, whether in money saved or attacks defeated.
My current means of working with very large sets of data will be the same - if not better - in the cloud.
Not true. The speed of the connection between where you access your data and where it is stored in your cloud might not be as fast as the high speeds you may be used to with an on-site server.
Applications I’m accustomed to using throughout my organization will work seamlessly after their support systems go to the cloud.
False. Using the cloud to host any application also means moving all of its supporting elements into to the cloud. While this shift can be beneficial, if access to the cloud is interrupted in any way, productivity could grind to a halt.
I’m worried that my cloud provider is spying on my activity in their cloud.
With privacy on many minds these days, the multi-billion-dollar cloud computing industry could collapse if even one major cloud provider was caught snooping on their user’s data -- or helping others do so. These providers are actually building security mechanisms to guarantee they themselves cannot access the data.
It is easy to change from one cloud provider to another whenever I want to.
Not true. In fact, the bottom lines of many niche cloud providers require them to lock in their customers, typically with long-term contracts or painfully high early termination fees. If you don’t go with an industry-leading provider, make sure to read all the fine print and get a professional second opinion.
For my organization, the cloud is an either-or proposition: I can either be in the cloud or I can keep my current setup with physical servers.
In reality, the most effective way for an organization to see the benefits of the cloud is to use both setups simultaneously as they slowly transition into the cloud.
All I need is a cloud to save money on my IT needs.
Not so fast. The cloud is able to easily adjust the amount of computing power you're using, giving a lot of flexibility to your budget. Focusing on cost alone, though, and not investigating how you might achieve significant efficiencies with new cloud technologies after you migrate could diminish your return on the cloud investment.
Once I’m in the cloud, I can help employees be more productive by giving them apps for their smartphones.
They keys to a successful app are often misunderstood. While a cloud’s ability to provide enormous computing power can help an app succeed, other factors can be equally important, like whether the app will work without a network connection. A hybrid approach combining local and offline data storage while interfacing with the cloud on an as-available basis is one best practice.
Misconceptions About Security Threats In Cloud Computing
Securing data stored in the cloud can be a daunting task, especially if all you hear are the myths. The more you know about the truth of security within the cloud, the more confident you’ll be about adopting cloud applications.
The public cloud is more easily breached.
Truth: Just because the public cloud is publicly accessible does not mean that your infrastructure is available to the public Internet, according to JP Morgenthal, a director with Perficient PRFT +%. “The subsequent part of this that holds some truth is that there are not as many trained professionals with skills on how to secure cloud applications and, thus, there is a greater likelihood of a mistake in the configuration of a cloud environment,” Morgenthal added. “These mistakes are a lot more difficult to make in a private data center. However, each is open to breach.”
All cloud apps are created equal.
Truth: You don’t use all of your cloud applications equally, so your security for cloud computing shouldn’t be a one-size-fits-all endeavor. “You need to treat each cloud application on a context basis,” explained Yair Grindlinger, co-founder and CEO of FireLayers. That means, depending on the sensitivity of the data, the profile of the user, the intended use of the data and other factors, different policies can be put into place to manage session authentication, data distribution control and other threats. “Privileged users may represent ten percent of your cloud users, yet they can cause eighty percent of the damage if their login credentials are stolen and taken over by hackers,” Grindlinger added.
You can rely on the cloud service provider to protect your business.
Truth: “Most users of cloud-based services wrongly assume that the service provider is responsible for managing the data, access and usage of their service. This just isn’t the case,” said Grindlinger. “Cloud service providers are charged with ensuring that their application and IT infrastructure is secure and in working order. It’s your obligation to manage passwords, protect against identity fraud, prevent loss or theft of devices, encrypt sensitive data, provide access to devices via secure networks and a host of other risk mitigation activities.”
Len Whitten, Senior Director Product Management at Sungard Availability Services, agreed:”A service provider can provide all the security, mitigation, and responses possible, but security will always be a shared responsibility with a customer. However, a service provider can certainly protect the rest of the infrastructure from noisy neighbors, DDS attacks, and other security concerns. In a multi-tenant environment, it is critically important that the provider ensure that for all intents and purposes it behaves as if it is a single-tenant infrastructure.”
The end user is powerless when it comes to securing the cloud.
Truth: As an end user, you do have some control over security, and you should exert that control, both over your data but also within your relationship with your cloud provider. As Simon Bain, SearchYourCloud CEO, pointed out, on the corporate level, this means not allowing the cloud provider to hold encryption keys; on a personal level, this means being careful about what information is placed in a cloud store or social media network, or about how you behave regarding online banking or e-commerce.
The corporate network provides protection even when using cloud apps.
Truth: Where it once had a firewall that separated sanctioned from malicious access to the Internet, mobility and the cloud have extended the enterprise network and exposed it to new risks, Gridlinger pointed out. So a new kind of security solution is required: a secure cloud gateway which can protect the interaction between the corporate network and the cloud.
