For the past few years, this has been the refrain of many businesses. Despite the rapid growth in adoption of cloud services, many organizations have been reluctant to move their operations to the cloud for fear of their data falling into the wrong hands. Given that the costs of a data breach are so high, the conventional wisdom has been that it’s better to keep the most sensitive data in-house.
That’s no longer the case, though. Many organizations have seen measurable, positive growth in their businesses as a result of the cloud, and their success has led many other organizations to rethink their stance on cloud adoption. According to one study by the Ponemon Institute, the number of companies that say they have no plans to use the cloud in any capacity has been reduced by nearly half in the last two years. And another study by “The Economist” found that the number of businesses that are actually shifting complex business functions — including those that require the use of sensitive or protected data — is increasing steadily each year.
Much of this increase in cloud adoption is directly attributable to improvements in cloud security and the greater availability of private and hybrid clouds. Whereas in the past, it was difficult or even impossible for businesses to maintain a high level of security around their data when it was in the cloud, the standards have grown more stringent.
How Cloud Security Has Changed
Given that the cloud has only been at the forefront of enterprise IT for a few years now, businesses that are still on the fence about whether or not to adopt the technology may be wondering what has changed. The answer is, “Quite a lot.”
- Increased transparency. In the past, businesses that contracted with cloud providers might have a vague idea at best as to what the provider was doing to secure their data. Vendors may have promised security, but the clients were often unsure or unclear of what that really meant. Today, businesses have a clear understanding of what providers are doing to keep data safe — and have some control over how their data is protected.
- Encryption is on the rise. Data encryption is a standard procedure for many providers now, both while data is being transferred and stored.
- Better access controls. SaaS providers often have better controls over employee access and identity management than in-house services, meaning that only those employees who are authorized to access certain data or functions are able to.
- Improved compliance. Most cloud service providers and modern data centers actually exceed the security requirements of regulations like PCI-DSS, HIPAA, and Dodd-Frank. For small businesses that may struggle to meet these requirements on their own, cloud services are an important part of everyday operations.
- Limited attack surface. Cloud service providers are often more adept at hardening the infrastructure around their surfaces, thereby reducing the vulnerability of vital business functions.
- More knowledgeable staff. When you work with a cloud provider, the security staff is generally experienced and comprised of experts in various security functions. These professionals can identify and mitigate risks more effectively than the security generalists on most IT teams can.
- More effective incident response. In the unlikely event that there is a security incident, cloud providers have the ability to identify and close the vulnerability in real time. In most companies, security breaches are only discovered after the fact, and identifying the problem usually involves time-consuming log reviews.
While cloud security isn’t quite the cause for concern that it was even a year or two ago, that doesn’t mean that it is perfect, and that businesses can just move to the cloud and assume their problems are solved. As long as data is being created, managed, and stored, it will always be a target for cybercriminals, no matter if it is in the cloud or on an in-house server.
However, even with the knowledge of that risk, many of the respondents to “The Economist” survey reported that security is less of a concern than the actual process of moving to the cloud and the chances of a service outage disrupting their operations. The benefits of cloud adoption far outweigh any security risks, and those businesses that are willing to accept responsibility for their own security and make smart decisions about cloud and data center providers are likely to see significant gains result from making the shift.