The Cloud Dilemma - Is Your Cloud Provider Secure?

Reading time: 8 min
Share this Share on email Share on twitter Share on linkedin Share on facebook

In 2010, cloud adoption among US small medium businesses (SMBs) was just 5 percent—today, 37 percent are on the cloud, and the percentage will double by 2020, according to Forbes.

In the EU, 12% of small and medium-sized enterprises (SMEs) used public cloud computing in 2014, a survey by the European Commission’s Eurostat statistics service says.

Germany leads the way in adoption of cloud computing in Europe. Small businesses are accelerating their adoption of public cloud services for business applications, computing resources and development platforms.

Cloud services continue to reshape the IT market for small and medium businesses with a wide array of services and applications now available to help them grow, collaborate and compete in the global marketplace.

And if global trends are to be believed, the use of cloud-based services is set to rise as more and more businesses become cloud-ready. Driven by benefits such as reduced upfront investments in hardware and software, flexibility to access work files from anywhere, hassle-free automatic updates, small businesses are considering moving services and even critical systems to the cloud.

A key concern for business applications, along with performance and reliability, is security. This puts pressure on cloud providers who need to offer secure, fast and reliable connections. In fact, security is among the top qualities expected from a direct connection with a cloud provider, according to a 2015 study.

A trust issue

Trust in the cloud has increased significantly among different industries. Banks have slowly started to use public cloud services, in particular for those parts of their business which depend on speed and flexibility. And their business requirements are not simple. They need cloud providers who understand regulatory requirements related to security and data confidentiality, and can build and help operate IT workloads in a compliant cloud environment.

More businesses plan to move mission-critical work to the cloud. 81% of companies are shifting mission critical apps to the cloud by 2016, according to a study by Forrester Research.

"We've seen a real transition from use cases in previous surveys where early SaaS adoption focused on smaller pilot projects” according to a Gartner survey. “Today, the projects are mission-critical and production grade. This is an affirmation that more businesses are comfortable with cloud deployments beyond the front office running sales force automation (SFA) and email."

One reason behind increased trust is that the market is dominated by big companies spending billions of dollars on R&D. Startups are also leveraging new and emerging cloud technology as a path to growth.

As businesses carry highly sensitive data, they need strong security. A secure cloud ecosystem has the controls needed to protect the confidentiality, availability and integrity of the systems and data that reside in the cloud. More specifically: 

  •   Encryption and key management. Data should be encrypted when it travels back and forth over the internet and when it is hosted in the cloud provider’s environment.
  •   Identity and access management. Cloud providers with the most forward-thinking authentication technology are using multi-factor authentication.
  •   Secure data centers that are equipped with physical security measures against intrusion.

If they comply with these minimum security necessities, cloud providers can “do a much better job of security than any one company or any one organization can probably do,” according to Tony Scott, United States Chief Information Officer.

However, cloud providers don’t take care of all the security needs of a company, as many businesses mistakenly assume. Security in the cloud should be viewed as a shared responsibility.

“Cloud computing is pretty secure for non-critical operations, but there is still enough work to be done in terms of securing critical infrastructures”, said Bogdan Botezatu, Senior E-Threat Analyst at Bitdefender. “We have to remember there is no such thing as 100% security.”

Data sovereignty concerns

The matter is still sensitive and complex, as corporate executives are still hesitant about storing confidential business information with third-party cloud services. Especially since SMBs are starting to recognize the value of their data. Despite their size, they can handle a trove of information, such as intellectual property, personal information about customers, bank account numbers and credit card data.

But a key issue that still makes executives ponder the use of cloud technologies concerns liability.

Cloud services are often hosted in one country and used in others. Service providers may use data centers scattered around the globe, so companies may feel uncertain of the location of their data. In addition, there may be issues of legal jurisdiction in the event of a dispute and uncertainty about the applicable law. Thus, a security breach becomes more than a technical problem, but one of liability and accountability as well. Not surprisingly, 70% of businesses want to work with a cloud implementation provider that offers a single point of accountability – this means making a single person accountable for the whole process.

All in all, the future holds great promise when it comes to the cloud. And hackers know it oh so well. Cyber-criminals and hackers are now attacking cloud environments almost as frequently as traditional infrastructures.

To reduce risk of cloud data leaks, IT teams should manage risks through tactics like awareness training for employees, mechanisms for encrypting data and the right policies for maximum data security.

data center security performance