Myths about security in cloud computing
Cloud computing is one of the most progressive pillars of the IT sector. However, the very concept of cloud computing with the added complexity of virtualisation can throw a novice to unknown waters. The word cloud itself sounds porous and easy to penetrate. But such is not the case on a larger picture. Despite being more and more ubiquitous in various business environments, cloud computing carries its share of security concerns. It’s time that everyone knows the whats and whys of cloud computing and destroy these myths once and for all.
Myth 1: Public cloud storages can be easily targeted
Public clouds are just as vulnerable as private clouds. Securing data, whether or not on cloud, is an ongoing process. You cannot think of security as product or service. It is a constant battle and one has to be fully equipped to fight this war. For example, many providers are on top of their security game with PCI, HIPAA, SOC 2, SSAE16 and various ISO standards. In addition, they offer data encryption and have effective data loss prevention policies in place. So, the problem does not lie in the public cloud, but the security measures taken by the vendor and the corporation.
Myth 2: All cloud apps are the same
A user will not use all of his cloud software in equal amounts and hence, the security for cloud computing will be different in each case. Depending on the sensitivity of the data, the profile of the user, the intended use of the data and other factors, different policies can be put into place to manage session authentication, data distribution control and other threats.
Myth 3: Your cloud service provider holds complete responsibility for your cloud storage
It’s a common myth that the cloud provider will be at your beck and call. No they won’t. Think of it as leasing an apartment, the owner will provide you with all the necessary security (guards, alarms, etc.) but you have to be careful at your end. You cannot give keys to everyone. On cloud as well, you will have to manage passwords, protect against identity fraud, encrypt sensitive data, provide access to devices via secure networks and take care of other risk mitigation activities.
Myth 4: Corporate networks are stronger in protecting cloud apps
Corporate networks are not necessarily more secure. Security breaches and data loss are just as common. Corporate networks or not, cloud apps can be vulnerable if not implemented right. A secure cloud gateway that shields the interaction between the corporate network and the cloud is imperative. The key here is working with a provider who focuses on deploying world-class networking security, monitoring services and intrusion detection.
Myth 5: Tenants in the same cloud can spy on one another
Multiple tenants share storage, processing and other services in a public cloud but thanks to virtualisation, there is a strong partition between each tenant. Even the virtual machines sharing the same servers are isolated altogether from other VMs. And if that’s not enough, corporations can use CSPs that isolate VLANs to hold other tenants off their networks.