Ever since the emergence of cloud technology, business leaders and IT managers have had concerns about hosting their critical applications and infrastructure off-premises. These worries are understandable: For years, these companies have kept this essential information within their own building, taking care of the equipment and updates themselves. While the cloud can offer a range of benefits – including cost savings and more time to focus on other important projects for the IT team – anxiety about the security of these platforms still exists in today’s technological landscape.
Now, cloud service providers are putting an increased focus on quelling their clients’ security concerns. Using several strategies, including tours of the actual facilities where data will be housed, these vendors are putting their customers’ worries to bed, and helping them enjoy the full benefits of the cloud.
Cloud security: Still a top concern
According to a 2015 study from Bitglass, cloud security is still a top concern held by today’s IT leaders. Reporting on the survey, SecurityWeek contributor Eduard Kovacs noted that 90 percent of the 1,000 IT and security professionals participating in the survey said they were still moderately to very concerned about the security of public cloud solutions in particular.
In fact, the report found that security concerns are still a main barrier against adoption of the technology. Nearly half – 45 percent – of businesses hesitate to adopt the cloud because of worries about the general security of the platform. Another 41 percent were concerned about potential data loss and leakage, and 31 percent were hesitant about the loss of control over critical assets.
Although, in many industry circles, the cloud has become an irreplaceable part of enterprise infrastructure, these remaining worries have been enough to slow the overall uptick in adoption.
Gartner: Be concerned about the right threats
According to Druva contributor Paul Ferrill, Gartner acknowledged that worries still existed about cloud security. However, the firm pointed out that IT leaders and business managers should focus their concerns on the right elements. Gartner analyst Jay Heiser pointed out that oftentimes, enterprises expend their efforts on hypothetical risks that aren’t likely to impact their infrastructures, and are therefore a waste of time. Making matters worse are highly public events that put a negative light on cloud services, making decision-makers second guess the technology, even though the platform involved in the event is not the cloud service they use or are evaluating.
“In reality, Heiser explained, the most common forms of security breaches involve some kind of information-gathering such as a phishing attack,” Ferrill wrote. “Other breaches have some action on the part of an employee, either deliberately or by mistake. Both of these cases involve a form of human error which, at best, is difficult to detect and even harder to prevent.”
In this way, Heiser pointed out that it isn’t the cloud services that are failing, it is the customers.
Quelling cloud security concerns
As a result of this landscape, where an accidental or purposeful action on the part of an employee can lead to considerable risk, Heiser recommended putting policies and procedures in place to help govern the use of the cloud. These standards can help prevent human error that can lead to a breach.
“At the end of the day, it is your responsibility for defining and implementing specific security measures for the entirety of the IT operations. regardless of where the services are based,” Ferrill noted.
Data center tours
Some providers are taking a different approach to reducing security concerns through data center tours. Channelnomics reported that some vendors, including Equinix partner Unitas Global, have found that bringing customers into the facility and enabling them to see security measures with their own eyes, has made a big difference.
“Security is both the physical and how you can get hacked or how people can get into your systems,” said Patrick Shutt, Unitas Global CEO. “If you’re an enterprise CIO and [your] top reason for not wanting to go to [the] cloud is security, once you get through these discussions, do the tour of the facilities and understand that it is all dedicated and solely private to you, you sort of change your mind on the issue.”
Shutt said many CIOs leave feeling more confident about migrating to the cloud as the facility was more secure than they thought, or more protected than an on-premises infrastructure.
