Access and Feeds

Cloud Computing Security: Can the Cloud Ever Be More Secure than On-Premise?

By Dick Weisinger

On one hand there is a widely held belief that, by its very nature, data stored in the cloud is not as secure as data managed on-premise.
 
That sentiment plays front and center with warnings like the one from Francis Brown, managing director at Stach & Liu, who recently said that ”companies are pushing forward on the cloud because they want the functionality, but they’re not seeing the risk.”  Brown warned companies to stay away from the cloud because of the cloud’s inherent insecurities.  His findings were part of a presentation called “Pulp Google Hacking: The Next Generation Search Engine Hacking Arsenal”.
 
But Brown’s contentions are not so much that there are glaring flaws with cloud security technology, but rather that, securing the cloud correctly isn’t  easy, and all too often human mistakes and laziness introduce insecurities  in cloud implementations.  Brown’s presentation showed, for example, how access information and login credentials for networks and browser-based applications are often saved in text files by administrators and users and these files then get unknowingly picked up and exposed by Google and Bing search engines.
 
But others are beginning to say that problems like this could be avoided simply by selecting and working with reputable cloud vendors.
 
Harold Moss, chief technology officer of cloud computing strategy at IBM, said for example, that “there’s a misconception that the cloud is less secure than traditional IT environments.  The cloud can actually be more secure.”  How can that be?  Moss primary reason to explain his thinking is that vendors who specialize in the cloud  are more  likely to have superior security technology and expertise.
 
Paul Chisholm, CEO of MindShift Technology, said that “IT departments started moving to the cloud because of security reasons, for better disaster recovery and because they don’t want the hassle of running all of their solutions themselves.  If you have an on-premise solution that is not managed properly then hackers can get to it. And it’s subject to things like power outages. The cloud improves physical security dramatically.  And if you’re a cloud provider you have to be up-to-date on security because hackers are always getting better.  I think overall the cloud is more secure than on-premise solutions.”
 
Mary Beth Hamilton, Director of Marketing at Eze Castle Integration, wrote that “when considering a move to the cloud, security is typically a hot topic and often a concern. In truth, a cloud infrastructure can be as secure—or insecure—as a traditional in-house infrastructure. It all comes down to the cloud architecture, security policies, management practices and the service provider’s track-record and experience. “
 
J. Nicholas Hoover, Senior Editor at InformationWeek, recently compiled a list of high-ranking US government IT officials saying that cloud computing can be more secure than on-premise alternatives.  ”The list of execs touting the security advantages of the cloud has grown to include federal CIO Steven VanRoekel; Gen. Keith Alexander, head of both the National Security Agency and U.S. Cyber Command; CIA CTO Gus Hunt; NIST security researchers Peter Mell and Dr. Ronald Ross; and former NSA director Adm. Mike McConnell.”
 
VanRoekel said that “we cannot afford to make the false trade-off between cybersecurity and innovation. A lot of people will use cyber as a blanket excuse to not move forward, but I truly believe that moving to the cloud, and a move to the cloud of infrastructure application and other systems, done correctly, following NIST guidelines, eventually using FedRAMP, getting DHS monitoring established and others, can really make solutions in the government all more secure than we are today.”
 
General Alexander said that “by shifting to a cloud architecture the United States would save money and be better placed to protect vital computer networks.”
 
Ronald Ross said that “I think that at the end of the day, if you do an effective cloud deployment where you can reduce IT costs from 5 to 40 percent, that provides us a double benefit – reduced cost and complexity and better cybersecurity.”
Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)
One comment on “Cloud Computing Security: Can the Cloud Ever Be More Secure than On-Premise?
  1. bsorenson says:

    Great point! In reallity, hosted data center security by long standing vendors is dramatically more secure than any local system. With the dramatic amount of audits that vendors go through for customers, cloud providers that have been in business for years continue to be reviewed and validated by organizations like the SEC, FINRA, Financial Institution, and other auditors.

    We go through over a dozen hard audits annually that are requried by either our customers directly or their customers. It’s a great way to validate your environment and prove how secure you are. Contrasting that to companies that are suspect to social engineering attacks dramatically shows the differences.

    The other things we see is that the SMB market would like to “know” their vendor and not use big Amazon like solutions without someone to call for support, help, or direction. It makes a great market for companies like ours that are close enough to the customer that they feel taken care of better than if they had their own IT staff.

    Great points!

    Bill Sorenson
    http://www.IVDesk.com

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>