There’s an assumption by many executives that the cloud is more secure than on-premise IT solutions. We’ve heard that expressed time and time again by decision-making business executives in numerous industries. “That’s secure; we’ve got it in the cloud.”
Is it true? Is cloud safer than what you could do on your own?
In most instances, you really don’t know. Cloud providers are reticent to share details on their security processes and procedures. After all, why give your potential opponents a head start? But it is reasonable to assume that major cloud providers are fairly secure, and if an end user assumes that their current infrastructure solution is not secure, that executive likely knows of holes in the security of their on-premise IT infrastructure and/or the processes that protect it. In that instance the processes of a major cloud provider with a significant customer base would likely offer more security than what someone is doing on their own.
But that’s an assumption. And in most cases, we really don’t know. Many enterprises and compliance-oriented users prefer to keep their most sensitive applications out of the cloud, hosted either in their own data centers or within their footprint in a multi-tenant data center. There’s usually a good reason for that. It might be a technology decision, or it might be mandated by auditors or attorneys for compliance reasons.
The most important characteristic of a company with a secure IT infrastructure is buy-in from your employees on adherence to a sensible security strategy. A company that puts thought into their IT infrastructure security and gets employees to follow it is in better shape than one that does not. No matter how solid a cloud provider’s security procedures are, the end user bears much responsibility.
Do you have solid security procedures in place that are followed to the letter by your employees?
What kind of access do your contractors have to your network?
What kind of screening takes place of your employees and contractors before they are given access to your network?
Are there employees and contractors who have more access into the network than their job functions would dictate?
These are just a few of the important questions your company faces. You don’t know for sure how secure your cloud is. But making sure you have a well-thought-out security plan that your employees are committed to will enhance your security stance whether you’re in the cloud, lease space in a multi-tenant data center, utilize a hybrid or managed cloud solution, or even host your own infrastructure.