There’s little doubt that security was a legitimate concern in the earliest years of the public cloud, when even the idea of a multitenant architecture led to all sorts of questions regarding trust and compliance. Now, however, many of those fears have been adequately addressed and the cloud can be just as secure, and is often more secure, than on-premises solutions. Still, new research from Bitglass, reported in MSP Mentor, shows that even within the information technology (IT) community, concerns regarding public cloud security remain pervasive. Cloud service providers (CSPs) have to focus on this issue when positioning their offerings.
Security Is Still Viewed as a Problem
Bitglass’s research on security and the cloud details the both the perceived and actual issues that continue to surround the cloud. According to the survey of over 1,000 IT professionals, 33 percent of businesses are experiencing more security breaches in the public cloud than with their internal solutions. While it’s possible some biases could affect these numbers, this still represents a large number of IT professionals legitimately worried about the cloud. Overall, 90 percent of respondents claimed they had some level of concern regarding public cloud security.
Still, when the survey drilled down into respondents’ actual security concerns, the majority were concerned with internal actors rather than external threats. Overall, unauthorized access to company data was the greatest security threat, followed closely by the hijacking of accounts and malicious insiders, all of which can stem from lax policies or employees ignoring existing rules.
When it comes to resolving these issues, the majority of respondents listed encryption as the most effective measure in securing information. A majority of respondents also noted that perimeter-based security was no longer sufficient as more and more data moves beyond the purview of existing firewalls.
Bringing the Solution into Focus
This is sobering news for CSPs, most of which hoped the empirical data would put fears of cloud security to rest. Still, businesses offering cloud-based solutions are often used to addressing security with their clients, so this news should be seen as a statement that things will probably never change. The perception of the cloud will likely remain the same, and doing things differently will not have much of an effect.
CSPs just have to accept that reassuring their customers and potential customers about their security setup will always be a part of their business. Whenever critical data is moved outside of a company’s data center, there are going to be questions about its safety. Compounded with the fact that a significant data breach can bring down most small and midsize firms, it’s only natural for these concerns to exist.
Moving forward, CSPs must assure their clients that the security solution in place is more than just a compliance checklist or rudimentary encryption and firewalls. Customers have to be sure that their data is properly segmented and safe — and that the CSP is vigilant in understanding emerging security trends. With the right presentation and the facts to back up any and all claims, CSPs who take security seriously can prove to their clients that data is as safe in the cloud as it would be anywhere else.
By Shawn Drew