Myths about security based on cloud computing
At the initial stage of cloud computing development, many organizations expressed concerns about moving data, applications and infrastructure outside enterprises due to data security in the cloud.
Today, the view on this issue has changed dramatically. Awareness of the benefits of cloud computing is growing, but there are still many misunderstandings in this area. In the article we discuss the five most common myths concerning data security in the cloud.
YOU WILL LEARN FROM THIS ARTICLE:
- WHAT SHOULD YOU PAY ATTENTION TO IN ORDER TO INCREASE DATA SECURITY AND MINIMIZE THE RISK OF INCIDENTS?
- WHAT ARE THE ADVANTAGES OF CLOUD COMPUTING?
- ARE THE DATA STORED IN THE CLOUD AS SECURE AS THE DATA STORED IN THE COMPANY’S INTERNAL DATA CENTER?
- WHAT COSTS SHOULD BE TAKEN INTO ACCOUNT IN THE CASE OF DATA STORAGE IN THE CLOUD AND WHAT COSTS SHOULD BE TAKEN INTO ACCOUNT IN THE COMPANY’S OWN DATA CENTRE?
Myth 1: Keeping servers in one’s own IT infrastructure is safer than moving resources to the cloud
Maintaining a Data Center is extremely expensive. They must meet all data security criteria, i.e. have adequate protection of physical access, ensure redundancy of network connections and power lines and proper air-conditioning of rooms.
The scale of operations of an external Data Centre providing cloud services to many customers is able to balance all these expenses. It is possible to spread the costs over many cloud users with the same facilities and at the highest level.
Proper implementation of GDPR (FAME) in the data center can be largely achieved through ISO/IEC 27001 certification. Meeting the standards is a cost that is easier to spread among many customers of a shared Data Center. It is more difficult when the company bears them only on its own. Particularly important is data security from the IT side.
Also in this case the advantage is the external Data Center in the cloud, which distributes outlays on necessary security measures among many customers. An example can be the cost of protection against DDoS attacks, which is easier to face when you have much larger computing resources than a single company has at your disposal.
Myth 2: Investing in your own physical server is more cost effective than buying resources in the cloud.
Data Center offering services in the cloud enables better management of resources. Buying new servers and storage for your own Data Center is always more difficult, because it is not easy to predict future needs and properly scale infrastructure investments.
Usually, managers responsible for the continuity of operation of their own Data Center are forced to buy “on stock”, because the shortage of computational resources and mass storage is unacceptable for business. Calculations of investments in internal data center resources should therefore also take into account all expenses related to the maintenance of computing power.
These include the cost of electricity, the cost of air conditioning of rooms and, of course, expenditure on highly qualified IT specialists dealing with the operation of the Data Center.
Myth 3: Other customers of the same cloud provider may have access to my resources
Multi-level server separation provides the Data Centre with complete security of data storage in the cloud. Therefore, virtual machines of individual clients having their resources in the cloud are not “visible” to anyone other than authorized users.
This means that information stored in the cloud is fully protected against potential vulnerabilities of another Data Center client. Taking advantage of security gaps and breaking into the resources of one of the business customers will not be able to gain access to the data of other customers using the same cloud.
Myth 4: Legislation requires data to be kept only in own resources
Unfortunately, so far we have been struggling with a false conviction, not supported by any reference to legal acts, that regulations, whether Polish or EU, prefer to store data on the servers of our own enterprises.
Meanwhile, data kept in the cloud are neither privileged nor perceived worse in the light of the law in force. In each case, the certificate of compliance with the ISO 27001 standard guarantees the confidentiality of data in the cloud and imposes on the provider, among other things, the obligation to report any incidents that have occurred.
Myth 5: IT services provided by own employees are more cost-effective and of better quality than the use of external providers.
For internal Data Centers it becomes very difficult to reconcile high quality services and low costs. It is not easy for companies to ensure proper remuneration of IT specialists, sufficient resources and protection against data loss without sharing these costs among many entities, as is the case in the Cloud Data Centres.
It should also be noted that cloud solutions are more scalable – the customer pays only for those resources that he or she needs and uses at a given moment. Therefore, it does not have to create reserves for disk space and computing power, or maintain an excessive number of IT employees necessary for replacements, e.g. during holidays.
Let’s recall all five myths about data security in the cloud:
- Maintaining a secure Data Centre with the right level of physical access protection, redundant connections and power lines, and room air conditioning is extremely expensive. It is more efficient to spread these costs over the many users of these facilities.
- A Data Center offering cloud services is better able to manage resources than an internal Data Center.
- Multi-level server separation provides the Data Centre with complete data security in the cloud.
- Under current law, data stored in the cloud is neither privileged nor less well perceived.
- Companies running their own Data Center find it more difficult to ensure proper remuneration of IT specialists, sufficient computational and disk resources and protect themselves against data loss in comparison to the Data Center located in the cloud.
Cloud changes IT services and more
Success in implementing cloud solutions depends on whether we take advantage of the new opportunities it opens up for us. Simple rehosting of virtual servers does not require too much effort, but it may also not bring the expected results.
It is worth considering moving applications to the cloud or using cloud platforms such as SharePoint Online. Have you heard about Cosmos DB from Microsoft, which seems to eliminate the barrier between traditional relational databases and modern No-SQL databases?
Simple migration resembles changing a flat and putting all the furniture in exactly the same place. Such action causes that we lose the opportunity to develop and take advantage of innovations. And cloud is the most important change that has taken place since the spread of the Internet. It is a completely new way of working.