With more and more businesses moving to the cloud and a growing number of “hybrid” environments, it is becoming increasingly difficult for businesses in every industry to keep up with both types of security. However, the practices you follow for traditional security are likely to carry over to the practices you implement for cloud security. Many of the responsibilities for securing your data in the cloud are similar to those for securing data on premises or at your data center. These include access allocation, shift responsibilities, automation, data protection, asset identification, defining security groups and rules, and proper documentation.
However, according to CSO.com, two areas are still of concern: “Vanishing concept of a perimeter” and “You may no longer need to deal with patching, firmware, and configuration management.” On the first, CSO.com states, “We used to say, ‘The endpoint will be the perimeter,’ but this has not really proven out. However, having the perimeter at the data center vs. including all of your workstations reduces the attack surface into our environments.” On patching and updates, they state, “In the SaaS and PaaS models, we really don’t care what OS is being run. We are consuming storage and applications, so that is now our provider’s problem.”
One major, more recent issue that created some concern was a five-hour Amazon Web Services (AWS) outage in February 2017 that caused major headaches for many companies and thousands of websites across the United States. Even customers that were not in the AWS region affected by the outage experienced major latency with their own AWS services. This outage was most troubling because it was caused by human error. It illustrates one potential issue with having your network fully reliant on the cloud.
So this leads to the question: which one is more secure? Currently, while cloud service providers and the demand for more storage are rapidly growing, cloud and data-center security have comparable pros and cons and face similar challenges. Both still require high levels of security and monitoring. Redundancies must still be in place in case issues arise with accessing data on premises or in the cloud. Most importantly, both can be costly. As said earlier, the practices you implement on premises will result in similar practices with your cloud data as well. Whether you decide to host your data internally, via a cloud provider, or in a hybrid environment of the two for different functions, the process must be thought out and methodical.
According to Gartner, “Using cloud services is not enough. It’s the way you use cloud services that matters,” said Ms. Scott. “Developing your applications in a ‘Wild West’ style where ‘anything goes’ can result in costly sprawl, lack of leverage and high cost maintenance, resulting in significant technical and architectural debt. You have to optimize your applications for cloud computing with the explicit purpose of getting the most value at the lowest effective cost.”