Security

Is cloud computing secure?

Share this post:

Cloud is everywhere, and it is penetrating our lives and the industry more and more, even if it is not physically visible to us. This fact may contribute to one of the major concerns about cloud: IT security and privacy. News about breaches into server systems, leaks in social media networks, industrial espionage in well-established industries and other security incidents increase the fear that such things can happen to yourself or your company.

More than fifteen years ago, when IT security started to become a concern and firewall technology become popular, a company creating firewall technology got a “splendid” idea. They recognized that selling a piece of firewall software alone did not bring expected earnings. When they started to buy low-end computers that satisfied the minimum requirements to run their firewall software and painted the boxes a fiery red, their product sold splendidly. The customer CEO was not only able to tell that they have a firewall enabled, but also point to the red box and feel more comfortable because he or she had a dedicated physical box.

So when we talk about infrastructure as a service (IaaS) as an abstract cloud service, the customer wants to know how security on cloud compares to the traditional IT environment with firewalls, routers, switches and servers running on dedicated hardware. The answer is: it depends!

How is traditional IT infrastructure secured?

Take the traditional in-house IT infrastructure of a medium-sized company as an example. This infrastructure may be protected by any of the following:

• Physical means
• Firewalls
• Network separation
• Appropriate user ID and password management
• Security patch management
• Harmful code software
• Vulnerability scanning
• System security checking
• Encryption of sensitive data and network traffic
• Intrusion detection and prevention systems
• Unauthorized activity monitoring
• Logging and alerting
• Employee IT security awareness education

Applying a robust security policy, industry best practices and leading edge security tools will contribute to confidence in a high level of IT security. Additionally, this company may seek and receive certifications like the ISO27002 standard. Traditional IT environments can be made very secure depending on how much effort and money you want to spend!

Cloud uses the same approach to security

The same IT security policies, standards and best practices can be applied in the cloud as well! When you think of a cloud offering as an evolution of the traditional IT infrastructure and virtualization of components previously running on dedicated hardware, certain things change for sure. The provisioning or deletion of a standard virtual server happens much faster than doing the same on dedicated hardware, for example. But certain things remain, like your company’s security policy.

The question is regarding how you use the virtual server: Do you want to process sensitive data or business critical processes on it? You can! You have to ask the same IT security, privacy and regulatory questions you would ask in the traditional IT environment. You may have to ask additional questions, such as how to prohibit the possibility of an unauthorized deletion of virtual instances or how to ensure that sensitive data from various sources is encrypted and not being mixed with each other.

Experienced IBMers enable cloud security

Cloud computing can be made, at minimum, as secure as the traditional IT environments. But the IT security gain is not done by painting firewall boxes in bright red, but by enabling the right level of IT security policies in the cloud infrastructure and the provisioned virtual machines (VMs). IBMers work as security architects, security specialists, developers, testers and auditors to make the cloud even more secure than the traditional IT. They’ve run their own and customers’ traditional IT environments for decades and are best positioned to bring their security experience into the cloud—and they do it continuously. In the end, it’s the customer who decides on the level of IT security in the cloud or the traditional IT environment they want to afford based on the risk assessment made.

Cloud is real and you can touch it! Some misconceptions sometimes make us believe that it is less secure than traditional IT. Have you asked your cloud provider about the IT security policy they have implemented in their offerings? Please leave your comments below or find me on LinkedIn.

Learn more about cloud basics in our series: Cloud 101

What is cloud computing?

How does cloud computing work?

Cloud computing basics

What is platform as a service (PaaS)?

What is infrastructure as a service (IaaS)?

What is software as a service (SaaS)?

What is hybrid cloud? 

Top 7 most common uses of cloud computing

Is cloud computing secure?

What is dynamic cloud?

How to explain cloud to your spouse

What is mobile cloud computing?

More Security stories

7 pillars of a strong hybrid cloud security strategy

Hybrid cloud environments give companies the best of both worlds. They offer the elasticity and operational expenditure of public clouds with the data sovereignty, security and control found in a private cloud environment. By combining the two, companies can allocate workloads to the environment that makes the most sense for them. As organizations build these […]

Continue reading

5 data security techniques that help boost consumer confidence

These days, it seems like hardly any time passes between headlines about the most recent data breach. Consider the revelation in late September that a security intrusion exposed the accounts of more than 50 million Facebook users. For that matter, not much time goes by without a new survey or study that confirms the difficulty of […]

Continue reading

Machine learning: A key weapon in the cybersecurity battle

Since the dawn of the internet, companies have been fighting to stay ahead of cybercriminals. Artificial intelligence (AI) and machine learning have made this job easier by automating complex processes for detecting attacks and reacting to breaches. However, cybercriminals are also using this technology for their own malicious purposes. More and more hackers are exploiting […]

Continue reading