Is cloud computing secure?

Share this post:

Cloud is everywhere, and it is penetrating our lives and the industry more and more, even if it is not physically visible to us. This fact may contribute to one of the major concerns about cloud: IT security and privacy. News about breaches into server systems, leaks in social media networks, industrial espionage in well-established industries and other security incidents increase the fear that such things can happen to yourself or your company.

More than fifteen years ago, when IT security started to become a concern and firewall technology become popular, a company creating firewall technology got a “splendid” idea. They recognized that selling a piece of firewall software alone did not bring expected earnings. When they started to buy low-end computers that satisfied the minimum requirements to run their firewall software and painted the boxes a fiery red, their product sold splendidly. The customer CEO was not only able to tell that they have a firewall enabled, but also point to the red box and feel more comfortable because he or she had a dedicated physical box.

So when we talk about infrastructure as a service (IaaS) as an abstract cloud service, the customer wants to know how security on cloud compares to the traditional IT environment with firewalls, routers, switches and servers running on dedicated hardware. The answer is: it depends!

How is traditional IT infrastructure secured?

Take the traditional in-house IT infrastructure of a medium-sized company as an example. This infrastructure may be protected by any of the following:

• Physical means
• Firewalls
• Network separation
• Appropriate user ID and password management
• Security patch management
• Harmful code software
• Vulnerability scanning
• System security checking
• Encryption of sensitive data and network traffic
• Intrusion detection and prevention systems
• Unauthorized activity monitoring
• Logging and alerting
• Employee IT security awareness education

Applying a robust security policy, industry best practices and leading edge security tools will contribute to confidence in a high level of IT security. Additionally, this company may seek and receive certifications like the ISO27002 standard. Traditional IT environments can be made very secure depending on how much effort and money you want to spend!

Cloud uses the same approach to security

The same IT security policies, standards and best practices can be applied in the cloud as well! When you think of a cloud offering as an evolution of the traditional IT infrastructure and virtualization of components previously running on dedicated hardware, certain things change for sure. The provisioning or deletion of a standard virtual server happens much faster than doing the same on dedicated hardware, for example. But certain things remain, like your company’s security policy.

The question is regarding how you use the virtual server: Do you want to process sensitive data or business critical processes on it? You can! You have to ask the same IT security, privacy and regulatory questions you would ask in the traditional IT environment. You may have to ask additional questions, such as how to prohibit the possibility of an unauthorized deletion of virtual instances or how to ensure that sensitive data from various sources is encrypted and not being mixed with each other.

Experienced IBMers enable cloud security

Cloud computing can be made, at minimum, as secure as the traditional IT environments. But the IT security gain is not done by painting firewall boxes in bright red, but by enabling the right level of IT security policies in the cloud infrastructure and the provisioned virtual machines (VMs). IBMers work as security architects, security specialists, developers, testers and auditors to make the cloud even more secure than the traditional IT. They’ve run their own and customers’ traditional IT environments for decades and are best positioned to bring their security experience into the cloud—and they do it continuously. In the end, it’s the customer who decides on the level of IT security in the cloud or the traditional IT environment they want to afford based on the risk assessment made.

Cloud is real and you can touch it! Some misconceptions sometimes make us believe that it is less secure than traditional IT. Have you asked your cloud provider about the IT security policy they have implemented in their offerings? Please leave your comments below or find me on LinkedIn.

Learn more about cloud basics in our series: Cloud 101

What is cloud computing?

How does cloud computing work?

Cloud computing basics

What is platform as a service (PaaS)?

What is infrastructure as a service (IaaS)?

What is software as a service (SaaS)?

What is hybrid cloud? 

Top 7 most common uses of cloud computing

Is cloud computing secure?

What is dynamic cloud?

How to explain cloud to your spouse

What is mobile cloud computing?

More Security stories

Chatmantics improves customer experiences by replacing call center IVR with AI on IBM Cloud

We’ve all called a company’s customer service number only to be greeted by an interactive voice response (IVR) system. The IVR will say to press one for this and two for that and so on. You must wait for the correct number to enter your account information “so that we may better serve you” but […]

Continue reading

Comprehensive strategy for enterprise cloud: Where power meets flexibility

Enterprises have embraced the cloud: according to the 2018 IDG Cloud Computing study, 73 percent of enterprises surveyed now host at least a portion of their enterprise computing infrastructure on the cloud, and many have lifted and shifted their simplest workloads to the cloud. But recent survey data also reveals multiple concerns about security, vendor […]

Continue reading

How an AI application is helping improve quality control in the egg farming industry

People typically open a carton of eggs before buying it to be sure none of the eggs are cracked. No one wants to deal with the mess of cracked eggs. For egg farmers, one “bad egg” in a carton means the retail store must be credited for the entire carton. That could potentially waste as […]

Continue reading