There's a myth about cloud security that goes something like this: because cloud servers are managed by a third party, they're obviously less secure than owned physical infrastructure located in a data center managed by the company.
Most businesses recognize that cloud platforms offer advantages compared to owned physical infrastructure. Cloud is more resource efficient, more flexible, and more scalable. But there's often a weighing up that puts those advantages on one side of the scale and the cloud's purported lack of security on the other side.
That strikes me as an odd way of thinking about things because a well-managed cloud platform is likely to be more secure than the average SME's in-house data center.
Yes, cloud means data is stored on infrastructure owned by a third-party over which you have no control, but that third party is better placed to manage infrastructure securely in the first place.
Security is a Cloud Vendor's Top Priority
Consider your company's priorities. Security is likely to be somewhere on the list, but if your company is a marketing or manufacturing company, then marketing or manufacturing are its main goals. The IT department exists to service those greater goals. The priorities of cloud vendors are different. Their platform is their business, and they invest heavily to make sure it meets the needs of their clients, especially where security is concerned. The platform is the business value, including its security.
Cloud Vendors Have the Expertise
Building a platform that is at once secure, scalable, easy-to-use and powerful is not an easy task. System administrators for smaller companies may well be domain experts, but most small companies don't have the budget to hire system administration experts, network administration experts, information security experts and so on. Cloud vendors hire the best because only the best can build and manage infrastructure platforms of this scale and complexity.
Cloud Vendors Have the Experience
Experience and institutional knowledge matter. Cloud vendors make it their business to build processes and systems that embody the best in enterprise-class infrastructure and network security. They have learned through experience what enterprise cloud users want and need, particularly where security is concerned. Cloud platforms are a distillation of that knowledge and experience.
I'm not arguing that it's impossible for a small company to build a secure infrastructure platform in-house, just that it's not the core competence of most companies. Without a commitment to making infrastructure security the central concern of a business and the technical expertise to actually do it, your organization is unlikely to achieve the level of security that a cloud platform makes its daily business.
John Mack is a technical writer for Datarealm, one of the oldest web hosting companies.
Photo courtesy of Shutterstock.