When many executives hear "cloud computing," they envision those highly permeable clouds that their business jets enter, traverse, and exit without incident.
They assume that attackers move through clouds just as easily as a 747, and they fear losing their jobs after a high-profile data breach. In everyday language, "cloud" suggests something porous, and the word "cloudy" means murky and nebulous. The very term, in addition to the complexity of subjects like virtualization, makes cloud computing a tough concept for non-IT people.
Because it's hard to understand how cloud computing works, many managers feel paranoid about cloud safety. Ease their minds by debunking three of the most pervasive cloud security myths.
- Cloud Environments Are Easier to Attack
Two identical servers share the same potential vulnerabilities, whether they're located in your company's private data center or within a public cloud provider's data center. The level of data protection depends less on the machines and more on the security posture of each data center. That's why many businesses store their most sensitive data in private clouds that they protect and maintain. They place data of less importance in public CSP data centers. To stay in business, providers have to show that they can protect customer data. When you're a small company with few in-house IT resources, an outside provider probably has more security expertise than you do. Most likely, they have more sophisticated cloud security tools (like those from TrendMicro) and methods than you can provide on your own. The problem isn't that clouds are easier to attack. Vulnerability depends on the security posture of the data center.
- You Can't Control Where Data Lives in the Cloud
When you run a global company, your data travels all over the world. Unless you want to build your own data centers in multiple countries, you'll depend on CSPs that operate locally. Although you need these providers, you're still in control of where your data travels. You're also ultimately responsible for following local data protection regulations.
Knowing where your data lives requires transparency from your provider. You should know where your data travels and how it's protected both at rest and in transit. Instead of cobbling together a federation of local providers, seek a global CSP that operates data centers in multiple countries. Such a provider will understand local regulations, and it will meet your transparency demands.
- It's Easy for Cloud Tenants to Spy on Each Other
One of the defining characteristics of cloud computing is the concept of shared resources. Within a public cloud, multiple tenants share processing, storage, and other computing services within a cloud services provider's data centers. A public cloud provider like Amazon provisions computing resources from multiple data centers for many tenants to share. If you picture the cloud as porous, you might imagine that it's easy for one tenant to steal another tenant's data.
In reality, virtualization provides strong partitions between tenants within the data center. To visualize multi-tenancy within the data center, picture tenants sharing the same floor of a building but sitting in separate and secure offices. Even though virtual machines share the same server, they're effectively isolated from the other VMs. Unless you share a data center with a competitor who's hungry for your trade secrets, you're unlikely to become a victim.
Back in 2012, security researchers executed a proof-of-concept attack that allowed one software program sharing cloud resources with a second software program to spy on the second program. When they published their findings, the researchers admitted they could imagine few situations in which such a sophisticated attack could be mounted against a fellow cloud tenant. Still, if you're worried about the other tenants, keep your most sensitive data, like financial information and trade secrets, within a private cloud environment. Also, use CSPs that isolate VLANs to keep other tenants off your network.
- Clouds Still Run on Machines
Virtualization developed as a way to get more efficiency and effectiveness from servers, and VMs still depend on physical resources. Unfortunately, unless you build your own data centers and your own private clouds, you have to trust someone else to take care of your data. When you add that extra layer of vulnerability to the confusing nature of cloud computing, you can understand why non-IT associates might not believe in the safety of the cloud. Fortunately, after you shoot down a few myths, the benefits of cloud computing technology -- lower capital expenditures, smarter resource usage, and expanded capacity -- shouldn't be hard for them to grasp.