The unsecured cloud – true or not?

Share this post:

It’s not uncommon to meet organizations avoiding cloud hosted IT solutions for security or data control reasons. But are cloud services really less secure than an on-premise solution?

Some common objections against using the cloud are usually based on an organization’s need to control their data. This can be related to regulations and compliance but most often a concern for data security is a major factor. All in all, we care about our data, and that is perfectly understandable, especially in times of GDPR and increased focus on information security. For these reason business systems and data are often managed in an on-premise environment.

However, is the cloud really less secure than an on-premise alternative? I general, the answer is actually no. The security measures larger cloud vendors put on protection of the data is often of a much higher standard than most small or mid-size organizations will achieve. Therefore by not using the cloud, in order to be compliant with internal policies, organizations may actually instead reduces their overall information security posture with higher business risk as a consequence. Furthermore, many cloud service providers invests heavily in data center security and compliance. As a result you will among the more serious cloud vendors find compliance with industry standards such as ISO 27001 and SOC I and II compliance.

Thus the overall objective of data security compliance (including confidentiality, availability and integrity of data) might be missed by an organization keeping its data in self managed on-premises environments.

So is it a question of compliance and security vs cloud? The answer is no, in most cases*. You can use cloud and still be compliant with i.e. data access controls requirements, encryption standards and industry regulations. As an example IBM Cloud follows strict industry compliance requirements . There is also already controls in place for your data’s privacy and protection.

Finally, most organizations already utilizes cloud hosted applications and services to some extent. A not uncommon example is Shadow IT among users. So instead of investing efforts to stay away from the cloud efforts should be spend on secure cloud usage.

*There are of course situations where cloud is not applicable like some cases of national state security, but then that data should of course be protected on the highest level.

For any further questions do not hesitate to contact me at:

Security Channel Manager IBM Global Markets - Cognitive Solutions Unit Industry Platforms

More Cloud stories

VIDEO: A dig deeper into Virtual Private Cloud (VPC)

Back in June, I published the blog “Virtual Private Cloud Is Here” where I explained some basic information about this new generation of IBM Cloud and the capabilities attached to it. To summarize, a Virtual Private Cloud is a public cloud capability that provides you the ability to define and control isolated virtual networks, and […]

Continue reading

Red Hat and IBM introduces a groundbreaking hybrid cloud platform – Red Hat OpenShift on IBM Cloud

As you’ve probably already heard, IBM has acquired Red Hat. But what are the prospects of the future? IBM and Red Hat are on a mission to rescale open source technology. Our goal is to help businesses accelerate innovation and growth by enabling you to deliver applications with the freedom, flexibility, speed and security required […]

Continue reading

IBM Cloud Paks: Open, faster and more reliable cloud computing

Beyond containers and Kubernetes, enterprises need to orchestrate their production topology, as well as implement management, security and governance in their applications. IBM Cloud Paks are IBM-certified, enterprise-ready, containerized, preintegrated software solutions that give clients an open, faster and more secure way to build, move and manage core business applications on any cloud. IBM Cloud […]

Continue reading