In 2013, a Computer World headline said it all: “No, your data isn’t secure in the cloud.”
This assumption has continued to bounce around the subconscious of many IT decision-makers. While 85 percent of enterprises have a multi-cloud strategy, more than half of companies (51 percent) cited security as the biggest challenge in moving more workload to private or hybrid cloud storage.
In so many ways, it’s not 2013 anymore. Security risks in data storage are very real, and for some enterprises (Facebook, for example), the repercussions of a security breach are so significant they have no choice but to employ the greatest minds and tools in data security, and manage on-site. But, if you’re not Facebook, cloud hosting may be a more efficient and secure option than doing it yourself.
Organizations that resist the cloud typically fight back because of one of three myths:
Myth 1: You can’t control where your data lives in the cloud.
Where your data resides has become increasingly significant. Geopolitical issues, tax laws, security regulations, national protectionism, and other factors can all place limits on where data can move and be stored. While a valid security concern, companies do in fact have some control over where their data is physically stored as most enterprise class cloud storage providers offer multiple availability regions in which to place your assets. Maybe not to the state or county level, but at the regional level, for sure.
Myth 2: Cloud storage doesn’t support my PII/highly sensitive data security requirements.
For example, HIPAA healthcare regulations are some of the most strict regulations in the industry, and they impose requirements on encryption of data and storage that are generally viewed as difficult to support. In response to this trend, a growing number of cloud storage services are now becoming HIPAA compliant and have offerings in this area that are verified by third-party validations. While it may take years for an enterprise to get an on-site data storage center HIPAA-certified, contracting with a HIPAA-certified service will likely take only a few hours. Similar stories are true for other forms of PII/highly sensitive data storage requirements.
Myth 3: Cloud environments are more vulnerable to attack.
IT data centers generally have the same susceptibility to attack, whether they are located in an on-premise data center or in the cloud. Your protection relies less on location and more on the strength of security in the storage environment. Many, if not most, of the world’s enterprises don’t specialize in data storage and security, and are crossing their fingers managing a small team of in-house IT resources. In these cases cloud storage options may be safer given that data security is their bread and butter.
Beyond myth busting
Are one of these three or other widely held beliefs keeping you from considering a cloud strategy? In the end, each organization must decide how it wants to secure its data and will rely on similar technical capabilities to provide the level of security that it requires.
If you are employing a robust team of in-house IT resources at an on-site data center (plus shouldering the myriad of investments and costs associated with the land, building, and equipment), is your data center strategy requiring a near constant commitment of capital budget to stay current with ongoing security threats? If so, for many, a cloud strategy can be equivalent to automation in a factory – more efficient and cost effective than an exclusively on-site data center.
In today’s world, many cloud providers build in the latest tools and techniques as standard features. They can help provision new assets or resources in a fraction of the time it takes a typical company to procure and install new physical assets. And, when your needs change, you can upgrade – or downgrade – assets in a matter of minutes in most cases. You’ll still need technical resources with the knowledge of how to configure and secure the resources, but it can be executed with the knowledge that the tools and capabilities have the hosting provider’s expertise behind it.
So, to revisit the Computer World headline “No, your data isn’t secure in the cloud.” Myth or truth?