How Secure is The Cloud?

A recent report on the state of the security industry report showed that one-quarter of all data breaches take organizations weeks, or even months, to contain. IT providers tend to overestimate the security measures deployed within their own walls as well as their ability to contain customer-data breaches. By contrast, large cloud providers have security teams, systems and tools constantly monitoring operations.

It’s the business of cloud providers to supply computing power that is secure both on the perimeter and inside the data center. So while an individual machine may be running month-end banking statements in the afternoon and seismic modeling for an oil and gas exploration late at night, the data is securely ensconced behind internal firewalls that protect each virtual machine. What’s more, cloud provider infrastructures that require certification are subject to regular audits from consulting firms that specialize in IT security.

The very complexity of cloud operations also provides a layer of security. Even if cyber criminals know the specific cloud provider an institution uses, they’d still have to find the right data center and gain access. Even then, there’s still substantial internal security left to breach. Businesses that store information on their own servers offer a comparatively easier target than those that use the cloud.

For those hesitant to join the public cloud, there are providers that offer private clouds where virtual machines can be dynamically allocated inside the provider’s firewall. This may limit the savings, flexibility or sophisticated resource management of using the very large multi-tenant public cloud providers. Still, there are decent compromises as some banks, asset managers and advanced trading firms are increasingly moving key operations to an in-between state known as a virtual multi-service public cloud operation. Whichever way businesses choose to go, all companies that move to some kind of cloud are still responsible for their data security. Sensitive data should be encrypted both in transit and while stored. Access control remains the most important function in securing the bank’s information. If a client of a cloud provider insists on doing its own police work, the public cloud offers systems administration as well as plenty of tools for intrusion detection.

At the end of the day, on premise technology solutions or cloud solutions need to be prepared to secure the data they are charged with protecting.  With more tenants under their care and more data access opportunities, cloud providers are more likely to pay attention to the details and apply all of the security measures that will protect their customers and their data.

written by: Scott Wilson - 4/28/2016