One after another, businesses are turning to cloud computing, and most will agree that this trend will not reverse itself. In fact, many businesses have been using cloud services or applications for years perhaps without realizing it! A few examples are Dropbox as well as email and survey marketing websites. As businesses expand their need for applications and data, public cloud offerings become attractive solutions, especially for SMBs. For some of us, though, the idea of “public” can make us uneasy, like the sobering warnings against doing business over “public wifi”, for example. What exactly is the public cloud, though, and can it really be trusted?
To answer that, we will first make clear what differentiates the public cloud from private. In a private cloud solution, the data center hosting a company’s data is protected behind a firewall exclusive for that company. The company owns the equipment, wherever the data center resides, and shares very little, if any at all, storage on those machines with other companies. The security advantages of a private cloud comes at a cost, though, as the responsibility of management, maintenance and updating of the data centers exists with that sole company.
The public cloud, on the other hand, stores your data in your provider’s data center, and the responsibility for management and maintenance of the data center belongs to your provider. This can be a huge advantage for companies that don’t have the resources to test, deploy, and upgrade their servers. However, if your business does not have control, and other businesses might be on the same shared resources, is security in the public cloud an issue?
In reality, according to Jay Heiser, Research VP for Gartner, public clouds in general are reliably secure. How so? Consider, for example, the public cloud giants, if we may call them that, like Amazon AWS, Microsoft Azure, Salesforce, etc. True, there have been occasions we see news headlines that one of these specific, large platforms suffers an outage, but security breaches have not been reported with those outages, as noted in CRN’s report on the biggest outages of 2016. The frustration of the outages increases, rather, due to the growth of the population dependent on these clouds. Most public clouds filter traffic through their own firewalls anyway, and are subject to much of the same regulatory compliance that businesses with private clouds must honor.
While there is reason for confidence in the security of the public cloud, this does not exempt businesses from doing their due diligence when selecting a Cloud Service Provider (CSP). Whether you are considering a CSP who offers cloud services out of its own data center or a reseller for larger cloud giants, how can you be sure of its compliance with security standards? Ask if the CSP has a successful completion of a 3rd party audit. An article from CIO.com summarizes the 11 control objectives outlined by the Unified Certification Standard for Cloud and Managed Service Providers, which this audit should include.
Aside from compliance, your security and success with the public cloud also relies on your own strategies and procedures for using the service. Develop a comprehensive plan for your business data so you can avoid an ad hoc approach of building things to the cloud. Educate your employees on mobile and password security when accessing cloud-based apps and data. With these guidelines, the public cloud can be a budgetable and competitively secure resource for your business applications.