Security

Is cloud computing secure?

Share this post:

Cloud is everywhere, and it is penetrating our lives and the industry more and more, even if it is not physically visible to us. This fact may contribute to one of the major concerns about cloud: IT security and privacy. News about breaches into server systems, leaks in social media networks, industrial espionage in well-established industries and other security incidents increase the fear that such things can happen to yourself or your company.

More than fifteen years ago, when IT security started to become a concern and firewall technology become popular, a company creating firewall technology got a “splendid” idea. They recognized that selling a piece of firewall software alone did not bring expected earnings. When they started to buy low-end computers that satisfied the minimum requirements to run their firewall software and painted the boxes a fiery red, their product sold splendidly. The customer CEO was not only able to tell that they have a firewall enabled, but also point to the red box and feel more comfortable because he or she had a dedicated physical box.

So when we talk about infrastructure as a service (IaaS) as an abstract cloud service, the customer wants to know how security on cloud compares to the traditional IT environment with firewalls, routers, switches and servers running on dedicated hardware. The answer is: it depends!

How is traditional IT infrastructure secured?

Take the traditional in-house IT infrastructure of a medium-sized company as an example. This infrastructure may be protected by any of the following:

• Physical means
• Firewalls
• Network separation
• Appropriate user ID and password management
• Security patch management
• Harmful code software
• Vulnerability scanning
• System security checking
• Encryption of sensitive data and network traffic
• Intrusion detection and prevention systems
• Unauthorized activity monitoring
• Logging and alerting
• Employee IT security awareness education

Applying a robust security policy, industry best practices and leading edge security tools will contribute to confidence in a high level of IT security. Additionally, this company may seek and receive certifications like the ISO27002 standard. Traditional IT environments can be made very secure depending on how much effort and money you want to spend!

Cloud uses the same approach to security

The same IT security policies, standards and best practices can be applied in the cloud as well! When you think of a cloud offering as an evolution of the traditional IT infrastructure and virtualization of components previously running on dedicated hardware, certain things change for sure. The provisioning or deletion of a standard virtual server happens much faster than doing the same on dedicated hardware, for example. But certain things remain, like your company’s security policy.

The question is regarding how you use the virtual server: Do you want to process sensitive data or business critical processes on it? You can! You have to ask the same IT security, privacy and regulatory questions you would ask in the traditional IT environment. You may have to ask additional questions, such as how to prohibit the possibility of an unauthorized deletion of virtual instances or how to ensure that sensitive data from various sources is encrypted and not being mixed with each other.

Experienced IBMers enable cloud security

Cloud computing can be made, at minimum, as secure as the traditional IT environments. But the IT security gain is not done by painting firewall boxes in bright red, but by enabling the right level of IT security policies in the cloud infrastructure and the provisioned virtual machines (VMs). IBMers work as security architects, security specialists, developers, testers and auditors to make the cloud even more secure than the traditional IT. They’ve run their own and customers’ traditional IT environments for decades and are best positioned to bring their security experience into the cloud—and they do it continuously. In the end, it’s the customer who decides on the level of IT security in the cloud or the traditional IT environment they want to afford based on the risk assessment made.

Cloud is real and you can touch it! Some misconceptions sometimes make us believe that it is less secure than traditional IT. Have you asked your cloud provider about the IT security policy they have implemented in their offerings? Please leave your comments below or find me on LinkedIn.

Learn more about cloud basics in our series: Cloud 101

What is cloud computing?

How does cloud computing work?

Cloud computing basics

What is platform as a service (PaaS)?

What is infrastructure as a service (IaaS)?

What is software as a service (SaaS)?

What is hybrid cloud? 

Top 7 most common uses of cloud computing

Is cloud computing secure?

What is dynamic cloud?

How to explain cloud to your spouse

What is mobile cloud computing?

More Security stories

Talium, Irene Energy remove barriers to accessing electricity in Africa

Approximately 600 million people do not have electricity in Africa according to reports on World Bank data. Even though progress has been made to get more people in Africa on the grid, the absolute number of people without power remains the same due to population growth. In rural areas, cell phones are vital for people […]

Continue reading

4 steps to modernize and cloud-enable applications

Customers today are no longer satisfied by the traditional consumer-business relationship. Instead, they expect engaging and informative digital experiences. In order to match these expectations and stay ahead of the curve, organizations must lean into digital transformation. Businesses need to modernize both customer-facing and enterprise applications to support a customer-centric approach to business. Developing a […]

Continue reading

Simplify modernization and build cloud-native with open source technologies

Cloud-native technologies are the new normal for application development. Cloud-native creates immeasurable business value with increased velocity and reduced operational costs. Together, these support emerging business opportunities. Advancements in application development have focused on net new applications. We have seen that existing applications that cannot easily move to the cloud have been left on traditional […]

Continue reading