November 12, 2018 | Written by: Mathias Persson Olander
Categorized: Cloud | GDPR
It’s not uncommon to meet organizations avoiding cloud hosted IT solutions for security or data control reasons. But are cloud services really less secure than an on-premise solution?
Common objections to using the cloud are usually based on an organization’s need to control its data. This can be related to regulations and compliance, but most often a concern for data security is a major factor. All in all, we care about our data, and that is perfectly understandable, especially in times of GDPR and increased focus on information security. For these reasons, business systems and data are often managed in an on-premise environment.
However, is the cloud really less secure than an on-premise alternative? In general, the answer is actually no. The security measures larger cloud vendors put in place to protect data are often of a much higher standard than most small or mid-size organizations will achieve. Therefore, by not using the cloud in order to be compliant with internal policies, organizations may actually reduce their overall information security posture, with higher business risk as a consequence. Furthermore, many cloud service providers invest heavily in data center security and compliance. As a result, among the more serious cloud vendors you will find compliance with industry standards such as ISO 27001 and SOC I and II.
Thus the overall objective of data security compliance (including confidentiality, availability and integrity of data) might be missed by an organization keeping its data in self-managed on-premises environments.
So is it a question of compliance and security vs cloud? The answer is no, in most cases*. You can use the cloud and still be compliant with, for example, data access control requirements, encryption standards and industry regulations. As an example, IBM Cloud follows strict industry compliance requirements. There are also already controls in place for your data’s privacy and protection.
Finally, most organizations already utilize cloud-hosted applications and services to some extent. A not uncommon example is Shadow IT among users. So instead of investing effort in staying away from the cloud, effort should be spent on secure cloud usage.
*There are of course situations where cloud is not applicable, like some cases of national state security, but then that data should of course be protected at the highest level.
For any further questions do not hesitate to contact me at: email@example.com