By Jared Spencer
Faculty Member, School of STEM at American Public University
As an instructor of security and networking courses, one of the topics I frequently cover in my classes is cloud computing, and questions about security are common. Sentiments I hear from my students are, “I would never use the cloud because it’s too insecure.” Or, “Cloud systems are insecure compared to keeping my own systems.” Or even, “There’s no way a cloud system could be properly secured.”
Are these cloud security concerns valid?
Cloud-based solutions are becoming ubiquitous in today’s computing environment. Companies large and small are discovering that they can save money, improve performance, manage changing capacity requirements, and achieve many other benefits by moving to cloud solutions.
Whether it’s SaaS, PaaS, or IaaS, today’s companies are migrating en masse to the cloud. (If you’ve never heard of these acronyms, check here for a quick primer on cloud computing.)
With all of this movement to the cloud – is it really secure? And why does there seem to be a widespread belief that it isn’t? Let’s consider the individual concerns.
“I would never use the cloud because it’s too insecure.”
Students are often surprised when I tell them that they’re already using the cloud and likely have been for some time. Companies have been moving to the cloud for years – and many of the common applications and services we use every day are, at some level, cloud-based solutions.
Do you use Gmail? Have an account on Facebook? Twitter? Instagram? Many, if not most, organizations have digitized their data and services to the cloud so you can access your bank accounts, electric bills, and investment services if you choose to. Even the government is on board – you can easily access your social security and tax information online.
All of these environments are using some level of cloud computing. Of course, that doesn’t address the question of how secure they may be – but it’s naïve to believe that you can choose to not use the cloud. Even if you’ve decided not to use these services out of security concerns, your information is there and available.
“Cloud systems are insecure compared to keeping my own systems.”
Many professionals believe that they can keep their own environments more secure, and that if they move to a cloud-based solution they will lose control and won’t be able to properly secure their resources.
To evaluate the validity of this concern, we need look no further than recent events. Over the past five years, there have been countless examples of organizations that have been hacked or otherwise breached.
Have there been cases of cloud attacks? Yes; for example, the iCloud hack of 2014 that infamously leaked celebrity photos and other information. However, we’ve also seen countless examples of non-cloud systems that have been exposed. These include, most recently, Sony, Home Depot, and Anthem.
In the end, there’s no evidence that in-house systems are more secure than cloud solutions. In fact, the opposite is likely true. Given the high visibility of cloud systems, most vendors (with greater resources than an in-house IT shop) take extraordinary steps to ensure a highly secure environment.
“There’s no way a cloud system could be properly secured.”
Over the years, we’ve seen some security exposures in environments that used cloud-based solutions. Does that mean they can’t be secured? Definitely not.
Although we’ve seen some exposures in these environments, most cloud providers now offer robust solutions that are highly secure and have earned designations as such. As just one example, Amazon Web Services, or AWS, has been certified and approved for various healthcare and secure government uses (see https://aws.amazon.com/compliance/).
There are many aspects of security, and determining whether a solution is secure is based on much more than just whether the environment is cloud-based or not. However, it’s definitely possible to have a secure cloud system.
There’s no doubt that security is an important consideration in cloud computing – as it should be. However, it’s unfortunate that there continue to be many unfounded concerns. Even within industry, widespread misconceptions linger about the security of cloud solutions.
Ultimately, we need to understand that not only is cloud the solution of the future, but that it can also be a secure future – as long as we continue to develop and implement proper security methodologies and solutions.
About the Author
Jared Spencer is an IT professional with over 20 years of technology industry experience, working in capacities ranging from directly working with customers to managing the support services operation for a multinational communications company. He holds a Master’s Degree in Internet Information System and a Bachelor’s in Information Systems Management – both from Robert Morris University. He holds a number of industry certifications, including MCSE on Windows Server 2012, A+, Network+, Security+, Linux+, Cloud+, and IBM AIX (UNIX).