In the lead-up panic to GDPR enforcement on the 25th of May, I thought I’d go ahead and clear up a few of the cloud security myths that have been knocking around lately. As it is, according to Steve Morgan in the Cybersecurity Business Report, malware is projected to cost the world a whopping six trillion dollars a year- and that’s by 2021. And with cloud hosting getting more popular by the day, it’s nice to know where your priorities should lie while you’re trying to sort out your GDPR compliance. So, here we go! I’m counting again (if you missed that disaster on reasons to move to cloud in 2018), so we’ll see how it goes.
1. The cloud is still a new concept, and is therefore insecure.
It’s been over fifty years since the idea of cloud became an actual thing. And it was around then that the distrust started surrounding the concept. It’s an understandable worry- data in your control is far safer; you know exactly where your data is, how it got there and who has access (in theory- but we’ll save that for a further point). The point is, the cloud isn’t new. Neither is encryption or the risk of malicious people hacking in to cause chaos. As issues surrounding these breaches have come up, cloud providers have kept up and ahead, upgrading and designing new cloud solutions to ensure continuous improvement of cloud.
One of the advantages to cloud hosting is the investment cloud providers make into security. Since your data is being stored with a cloud provider, it’s up to them to update all its firmware and configuration changes. I don’t know about you, but I’m not very reliable when it comes to updating my malware or firewall. It’s so easy to ignore that annoying notification that pops up on the bottom right-hand corner of your screen when you boot up your laptop first thing in the morning. Cloud providers have much greater expertise in the area of data hosting, and they have the technical staff to deal with any issues that arise. Isn’t that one less headache to worry about?
2. On-premise hosting is best.
You gently brush your fingers down the server casing, cool to the touch, like a whisper shared only between the two of you. You know your server, it knows you. Stored in this piece of tin is not only data, but years of intimacy between you, an intimacy that you have been relying on for so long.
Except you can’t actually rely on it.
There’s a weird concept that when your data is stored on-premise it’s safer. I understand how, in our current GDPR-focused reality, being able to see exactly where your precious data is being housed can help quell fears. But in reality, on-prem hosting brings with it a whole other host of issues- issues that are your responsibility to deal with.
Take, for example, the destruction of your building. Fire, flood, paranormal activity- you get the idea. Everything goes, and it stays goes- er, gone. Then you have the possibility of questionable back-up processes, that aren’t questionable until you actually need to rely on them and realise that they haven’t been done in the last month. Oops. Then you have to ask yourself if the security measures that you’ve put in place are up to a high enough standard to protect all of your data.
And while you’re so worried about protecting yourself from the threats of the outside, what about that troublesome employee that you’ve finally gotten rid of after years of problems? Or an accidental or negligent security breach? These are far more common than getting hacked, but they could have the same disastrous consequences for your business.
3. All cloud systems provide the same levels of security.
There is a difference between a personal ‘data cloud’ and a cloud business system. One would understandably have to have far more stringent levels of security; I’m sure you can guess which. At the same time, you can’t assume that all cloud business solutions employ the same levels of security, and it’s important to make sure that you have a checklist for the kind of security measures that are required.
A ‘best in class’ cloud provider would normally have a top-quality data centre architecture that would be geographically apart (see ‘fire, flood, paranormal activity’ of the above point). Access is a big one; a good cloud provider would ensure plenty of application security that would comprise the industry standard SSL encryption. Restricted user access; does this person work for your company, and if so, are they allowed access to the data that they’re looking for? On your checklist should also be a dedicated security team who would identify and deal with any suspicious activity. And, of course, look out for ‘best in class’ security certifications to make sure that you’re in the right hands.
So that’s the myths of cloud covered. Now, imagine this; it’s gorgeous outside, you don’t fancy sitting in your grey office for the day, and your boss agrees to let you get your work done from home. Except you don’t. You find the nearest Costa/Starbucks/Café Nero with free wifi and big bay windows to let the sun in, and you plonk yourself there for the day. With your tiny laptop, you have all the power that you’d have if you were sitting in your office building. You’re able to connect to your company desktop through Citrix, and you’re able to write and edit the documents you were working on back at the office, thanks to Office 365.
Still not sure what exactly you should be worried about? Come speak to one of our experts about our free-of-charge security posture review. It will provide you an opportunity to discuss your endpoint security challenges, as well as your wider cyber security posture with regards to perimeter, data centre and cloud components.