On one hand there is a widely held belief that, by its very nature, data stored in the cloud is not as secure as data managed on-premise.
That sentiment plays front and center with warnings like the one from Francis Brown
, managing director at Stach & Liu, who recently said
that “companies are pushing forward on the cloud because they want the functionality, but they’re not seeing the risk.” Brown warned companies to stay away from the cloud because of the cloud’s inherent insecurities. His findings were part of a presentation
called “Pulp Google Hacking: The Next Generation Search Engine Hacking Arsenal”.
But Brown’s contentions are not so much that there are glaring flaws with cloud security technology, but rather that, securing the cloud correctly isn’t easy, and all too often human mistakes and laziness introduce insecurities in cloud implementations. Brown’s presentation showed, for example, how access information and login credentials for networks and browser-based applications are often saved in text files by administrators and users and these files then get unknowingly picked up and exposed by Google and Bing search engines.
But others are beginning to say that problems like this could be avoided simply by selecting and working with reputable cloud vendors.
, chief technology officer of cloud computing strategy at IBM, said
for example, that “there’s a misconception that the cloud is less secure than traditional IT environments. The cloud can actually be more secure.” How can that be? Moss primary reason to explain his thinking is that vendors who specialize in the cloud are more likely to have superior security technology and expertise.
, CEO of MindShift Technology, said that
“IT departments started moving to the cloud because of security reasons, for better disaster recovery and because they don’t want the hassle of running all of their solutions themselves. If you have an on-premise solution that is not managed properly then hackers can get to it. And it’s subject to things like power outages. The cloud improves physical security dramatically. And if you’re a cloud provider you have to be up-to-date on security because hackers are always getting better. I think overall the cloud is more secure than on-premise solutions
Mary Beth Hamilton
, Director of Marketing at Eze Castle Integration, wrote that “when considering a move to the cloud, security is typically a hot topic and often a concern. In truth, a cloud infrastructure can be as secure—or insecure—as a traditional in-house infrastructure. It all comes down to the cloud architecture, security policies, management practices and the service provider’s track-record and experience. “
that “we cannot afford to make the false trade-off between cybersecurity and innovation. A lot of people will use cyber as a blanket excuse to not move forward, but I truly believe that moving to the cloud, and a move to the cloud of infrastructure application and other systems, done correctly, following NIST guidelines, eventually using FedRAMP, getting DHS monitoring established and others, can really make solutions in the government all more secure than we are today.”
General Alexander said
that “by shifting to a cloud architecture
the United States would save money and be better placed to protect vital computer networks.”
Ronald Ross said that “I think that at the end of the day, if you do an effective cloud deployment where you can reduce IT costs from 5 to 40 percent, that provides us a double benefit – reduced cost and complexity and better cybersecurity.”