Welcome!

@CloudExpo Authors: Pat Romanski, Yeshim Deniz, Zakia Bouachraoui, Liz McMillan, Elizabeth White

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Containers Expo Blog, Agile Computing, Cloud Security

@CloudExpo: Blog Feed Post

Top Five Cloud Security Myths

Security isn't taken for granted in the cloud... and that's the way it should be.

While movement to the cloud keeps accelerating, fears about security hang on. Let’s take a look at the most common myths about cloud security that might be holding businesses back from taking advantage of the flexibility and scalability of the cloud model.

1. The cloud is inherently less secure than enterprise data centers.
This is the piece of “common sense” that hangs on, but the data just doesn’t bear it out. Alert Logic, a provider of cloud-enabled security solutions, does regular studies of its customers, looking at the actual threats they experienced. For the last few years, they’ve been finding that cloud hosting provider customer are less likely to experience most types of threats, and when they are impacted, it’s less frequent that what’s seen in enterprise data centers.

security guard meme

Security isn't taken for granted in the cloud... and that's the way it should be.

2. Cloud security is my cloud vendor’s job.
Security is never your vendor’s job, no matter where your infrastructure lives. Yes, your vendors play an important role – but ultimately it’s your job. First, as part of your discovery process in choosing a vendor, you should be asking them about security – from their own physical security and management processes to the types of solutions they can offer through their partners. Second, when you are working with any IaaS provider, you are paying them to manage the infrastructure portion of the IT stack – there’s still an application layer that you’re in control of, and web-facing applications are a prime vector for attacks. Your vendor is your partner in building a holistic security strategy for your infrastructure.


3. Customers will not be comfortable with data residing in the cloud.
True, some customers won’t, but that’s not a concern based on data (see item 1). You need to remind your customers that data on a well-managed and properly secured cloud instance is much safer than data in an enterprise data center without proper monitoring for intrusion, without a rock-solid process for collecting and analyzing logs, without 24×7 monitoring of security data, or without a proactive process of identifying and patching vulnerabilities. It’s the management, not the location. If you’re looking at cloud options, you understand that; being transparent with your customers about how you protect them can go a long way to easing these fears.

4. The cloud is home to hackers and criminals.
Yes, there are bad guys using the cloud as a base of operations. Before the cloud, when dedicated hosting was hot, there were bad guys setting up shop at hosting providers. A good service provider will have a solid fraud management program to root out and boot out the bad actors. Ask them about it. And remember – even though there will always be some criminals using the cloud (and traditional hosting and their own data centers), what you need to worry about is what their targets are – and if you’re a target, where they’ve set up shop will be less relevant that the strength of your defenses.

5. Securing the cloud is too complicated.
This one has a basis in truth – securing cloud infrastructure is not the same as securing a traditional data center, much to the chagrin of traditional security vendors who’ve tried to shoehorn traditional products into a new environment with less than stellar results. Cloud security solutions have to be designed to work in multitenant environments. They need to be able to autoscale with cloud instances and they can’t depend on a server having the same IP address all the time. When you’re looking at security solutions, ask questions. How did the vendor handle cloud challenges? Do they work with the leading cloud infastructure vendors who are developing the technology that drives the cloud? In other words – are they cloud aware? If so, they’ll have cut through that complexity for you.

The bottom line: in the cloud, like everywhere else, security is critical. Your cloud provider should be ready to have frank discussions with you about the right approach – and a robust set of tools to keep your infrastructure safe. Let those discussions guide your cloud strategy, and you’ll have an advantage over businesses that are driven by myths.

By Jake Gardner

Read the original blog entry...

More Stories By Gathering Clouds

Cloud computing news, information, and insights. Powered by Logicworks.

CloudEXPO Stories
Headquartered in Plainsboro, NJ, Synametrics Technologies has provided IT professionals and computer systems developers since 1997. Based on the success of their initial product offerings (WinSQL and DeltaCopy), the company continues to create and hone innovative products that help its customers get more from their computer applications, databases and infrastructure. To date, over one million users around the world have chosen Synametrics solutions to help power their accelerated business or personal computing needs.
All in Mobile is a place where we continually maximize their impact by fostering understanding, empathy, insights, creativity and joy. They believe that a truly useful and desirable mobile app doesn't need the brightest idea or the most advanced technology. A great product begins with understanding people. It's easy to think that customers will love your app, but can you justify it? They make sure your final app is something that users truly want and need. The only way to do this is by researching target group and involving users in the designing process.
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to advisory roles at startups. He has worked extensively on monetization, SAAS, IoT, ecosystems, partnerships and accelerating growth in new business initiatives.
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like "How is my application doing" but no idea how to get a proper answer.
DXWorldEXPO LLC announced today that Big Data Federation to Exhibit at the 22nd International CloudEXPO, colocated with DevOpsSUMMIT and DXWorldEXPO, November 12-13, 2018 in New York City. Big Data Federation, Inc. develops and applies artificial intelligence to predict financial and economic events that matter. The company uncovers patterns and precise drivers of performance and outcomes with the aid of machine-learning algorithms, big data, and fundamental analysis. Their products are deployed by some of the world's largest financial institutions. The company develops and applies innovative machine-learning technologies to big data to predict financial, economic, and world events. The team is a group of passionate technologists, mathematicians, data scientists and programmers in Silicon Valley with over 100 patents to their names. Big Data Federation was incorporated in 2015 and is ...