5 Dangerous Cloud Computing Security Misconceptions: Page 2

“It’s critical to make sure data is encrypted at rest – even before it leaves the enterprise,” Kothari said.

This goes back to the “all clouds are equal” point. If your cloud provider does not encrypt data at rest, then they probably aren’t as serious about security as you are.

4. Cloud applications aren’t as secure as traditional shrink-wrap software.

The perception is that traditional software goes through a longer, more involved vetting process than cloud-based applications. Vulnerabilities, though, tell a different story.

Cloud-based applications are constantly patched and updated. In contrast, patching for traditional software is left to end users.

“Cloud applications don’t stand still,” said Curry of YouSendIt. “As a cloud vendor, we do a release to the software every week. Every quarter, we do a refresh to the client code base and push that out, and in some cases, rebuilds are daily with certain web apps.”

I guarantee that your on-premise applications aren’t refreshed and patched every week or every day. No IT staff can keep up with that. With SaaS and cloud application providers, though, many focus only on a single application or suite of applications. It’s what they do, and it’s all they do. The apps must be rock solid, or, again, customers will go elsewhere.

5. The cloud is just the tip of the iceberg.

This isn’t actually a misconception (that comes later). Cloud computing makes it far easier to bring devices like smartphones and tablets into contact with enterprise applications. Hackers are increasingly focusing on smartphones, and you can bet there will be tons of vulnerabilities found in 99-cent apps.

However, the rise of the cloud and post-PC devices marks a shift in computing. We’re moving away from a model where processing and storage were device-side tasks to one where critical information never leaves the data center.

The misconception is that mobile devices are much riskier than PCs. That’s not necessarily true. Mobile devices that offload processing and storage to the cloud are already more secure simply by not having important data residing on the client.

The critical piece of security on mobile devices will be user identities and credentials. If those are bolstered, a lost phone will represent nothing more than a minor inconvenience. Compare that to a lost laptop. Lost laptops were responsible for many major data loss incidents, including more than one for the VA.

Let’s go smaller than the laptop to the thumb drive. The Department of Defense was penetrated by the Chinese via corrupted thumb drives. Cloud computing will eliminate multiple copies of files stored in multiple places, and, if all of your data is in the cloud, will you need to plug in a thumb drive at all?

The threat from mobile devices can’t be understated, but as with many new technologies before, security will evolve to offer better, more device-specific protection.