Working with modern cloud and data center technologies isn’t always easy. We’re seeing a boom in cloud adoption and data center utilization. A recent Cisco report estimates that by 2019, more than 86 percent of workloads will be processed by cloud data centers. Still, with all the success of cloud computing, it’s practically impossible to avoid the cloud security conversation.
Let’s face it, your data is valuable, and the bad guys are constantly looking for ways to get in. There is a direct economization around the hacking industry where the value of information continues to grow. Juniper Research pointed out that the rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019, increasing to almost four times the estimated cost of breaches in 2015.
Today, we’re seeing breaches of unprecedented scale. What’s often lost in the conversation, however, is the fact that the vast majority of these breaches happen within more traditional data center environments. Have we seen a massive cloud security breach at Amazon Web Services? What about Microsoft Azure? Yes, we’ve seen cloud outages that happen for various reasons – nothing is ever perfect – but the biggest cloud service providers have yet to see a massive security breach? The reality is that the cloud may be a lot safer for a business than you think:
- FEAR: I’m worried about this whole “shared” cloud infrastructure!
- REALITY: Modern cloud environments are specifically designed for secure multi-tenant workload delivery. That’s their DNA. They secure the underlying infrastructure, ensure that no systems can interact, and allow you to create your own environment on top. If you’re still concerned, simply ask for a dedicated server or dedicated virtual infrastructure. You might pay a bit more, but you’ll “own” that space. Still, multi-tenant environments when designed properly are good ways to consolidate users, improve costs, and still create a secure operating space.
- FEAR: I can never have my compliance or regulation-bound workloads in the cloud.
- REALITY: Today, organizations across all verticals are migrating to cloud. Providers now allow all sorts of workloads to live or pass through their infrastructure, and a multitude of certifications have been updated to accomodate it. They include PCI/DSS, SOX, HIPAA, FISMA, IEEE, and many more. Even the government got into cloud with FedRAMP. Here’s an example: HIPAA compliance in general can be a cloud nightmare. And so, a recent change to HIPAA (the Omnibus Rule) now allows for the creation of a "business associate." This allows cloud providers to work with protected healthcare information. Similarly, you can create powerful cloud e-commerce gateways that's also PCI/DSS compliant.
- FEAR: My business leaders worry about not being able to manage what they can’t see.
- REALITY: Cloud management has come a really long way. In fact, one of the dominant cloud models today is the hybrid cloud. In a recent report, Gartner analysts say that the use of cloud computing is growing, and by 2016 this growth will increase to become the bulk of new IT spend. 2016 will be a defining year for cloud as private cloud begins to give way to hybrid cloud, and nearly half of large enterprises will have hybrid cloud deployments by the end of 2017. This means organizations are finding ways to connect their on-premise envionments with the cloud. It’s important to see your cloud environment as an extension of your business. You will need to build in good management, good resource control policies, and good security best practices. However, cloud providers today are offering some granular management and visibility control solutions. You have much more control over your data, applications, and even users in the cloud than ever before. One of the best ways to see for yourself is to test it out. Almost every major cloud provider will let you test a small piece of their cloud for a group of users or a few applications.
There are a lot of fears caused primarily by lack of knowledge bout all the cloud options. There are many use cases for cloud computing, and yours may be unique. Some organizations plan entire data center migrations, while others only want to move one app. Either way, working with a cloud provider that has cloud services as their specific line of business is a really good idea. At the very least, testing out cloud platforms is much easier than ever before. Platforms like AWS, Azure, and Google Cloud Platform were designed with secure multi-tenant delivery in mind. Many create their own proprietary systems to control security, network routing, user load balancing, and automation.
Before you dive into cloud with both feet, however, know that there is no silver bullet for security. That means poorly designed workloads and cloud environments can make you vulnerable. Know what you’re hosting and how it’s being accessed, and always apply security policy best practices. This means testing out your systems and deploying an architecture that, if an attack does occur, can fence and stop the intrusion quickly. Cloud and security can absolutely get along.