Is cloud computing secure?

Share this post:

Cloud is everywhere, and it is penetrating our lives and the industry more and more, even if it is not physically visible to us. This fact may contribute to one of the major concerns about cloud: IT security and privacy. News about breaches into server systems, leaks in social media networks, industrial espionage in well-established industries and other security incidents increase the fear that such things can happen to yourself or your company.

More than fifteen years ago, when IT security started to become a concern and firewall technology become popular, a company creating firewall technology got a “splendid” idea. They recognized that selling a piece of firewall software alone did not bring expected earnings. When they started to buy low-end computers that satisfied the minimum requirements to run their firewall software and painted the boxes a fiery red, their product sold splendidly. The customer CEO was not only able to tell that they have a firewall enabled, but also point to the red box and feel more comfortable because he or she had a dedicated physical box.

So when we talk about infrastructure as a service (IaaS) as an abstract cloud service, the customer wants to know how security on cloud compares to the traditional IT environment with firewalls, routers, switches and servers running on dedicated hardware. The answer is: it depends!

How is traditional IT infrastructure secured?

Take the traditional in-house IT infrastructure of a medium-sized company as an example. This infrastructure may be protected by any of the following:

• Physical means
• Firewalls
• Network separation
• Appropriate user ID and password management
• Security patch management
• Harmful code software
• Vulnerability scanning
• System security checking
• Encryption of sensitive data and network traffic
• Intrusion detection and prevention systems
• Unauthorized activity monitoring
• Logging and alerting
• Employee IT security awareness education

Applying a robust security policy, industry best practices and leading edge security tools will contribute to confidence in a high level of IT security. Additionally, this company may seek and receive certifications like the ISO27002 standard. Traditional IT environments can be made very secure depending on how much effort and money you want to spend!

Cloud uses the same approach to security

The same IT security policies, standards and best practices can be applied in the cloud as well! When you think of a cloud offering as an evolution of the traditional IT infrastructure and virtualization of components previously running on dedicated hardware, certain things change for sure. The provisioning or deletion of a standard virtual server happens much faster than doing the same on dedicated hardware, for example. But certain things remain, like your company’s security policy.

The question is regarding how you use the virtual server: Do you want to process sensitive data or business critical processes on it? You can! You have to ask the same IT security, privacy and regulatory questions you would ask in the traditional IT environment. You may have to ask additional questions, such as how to prohibit the possibility of an unauthorized deletion of virtual instances or how to ensure that sensitive data from various sources is encrypted and not being mixed with each other.

Experienced IBMers enable cloud security

Cloud computing can be made, at minimum, as secure as the traditional IT environments. But the IT security gain is not done by painting firewall boxes in bright red, but by enabling the right level of IT security policies in the cloud infrastructure and the provisioned virtual machines (VMs). IBMers work as security architects, security specialists, developers, testers and auditors to make the cloud even more secure than the traditional IT. They’ve run their own and customers’ traditional IT environments for decades and are best positioned to bring their security experience into the cloud—and they do it continuously. In the end, it’s the customer who decides on the level of IT security in the cloud or the traditional IT environment they want to afford based on the risk assessment made.

Cloud is real and you can touch it! Some misconceptions sometimes make us believe that it is less secure than traditional IT. Have you asked your cloud provider about the IT security policy they have implemented in their offerings? Please leave your comments below or find me on LinkedIn.

Learn more about cloud basics in our series: Cloud 101

What is cloud computing?

How does cloud computing work?

Cloud computing basics

What is platform as a service (PaaS)?

What is infrastructure as a service (IaaS)?

What is software as a service (SaaS)?

What is hybrid cloud? 

Top 7 most common uses of cloud computing

Is cloud computing secure?

What is dynamic cloud?

How to explain cloud to your spouse

What is mobile cloud computing?

More Security stories

French insurer teams with IBM Services to develop fraud detection solution

Auto insurance fraud costs companies billions of dollars every year. Those losses trickle down to policyholders who absorb some of that risk in policy rate increases. Thélem assurances, a French property and casualty insurer whose motto is “Thélem innovates for you”, has launched an artificial intelligence program, prioritizing a fraud detection use case as its […]

Continue reading

Cloud innovation in real estate: Apleona and IBM rely on new technologies

Digitization does not stop at the proverbial concrete gold — real estate. In fact, the real estate industry is on the move. Companies are realizing the benefits of digital transformation and are capitalizing on the power of new technologies such as cloud, AI and blockchain. Take, for example, Apleona GmbH, one of Europe’s largest real […]

Continue reading

Innovate with Enterprise Design Thinking in the IBM Garage

We’ve all been there. You have an amazing idea that’s really exciting. Maybe it’s a home improvement project, or perhaps it’s a new business idea. You think about all the details required to make it real. But, once you get to the seventh action item, you’re not so excited anymore. Sometimes when we realize the […]

Continue reading