20 of the Greatest Myths of Cloud Security


For some organizations, forced upgrades and maintenance windows, which happen in a multi-tenancy environment, could be a detriment.

“Make sure your change management requirements can be accommodated and that you will have time to plan for upgrades, which can often be an issue with multi-tenancy systems,” said Boatner Blankenstein (@Bomgar), senior director, solutions engineering, Bomgar. “Single tenancy adds flexibility for scheduling downtime without affecting others.”

15: You own all your data in the cloud

“Your data may not always be yours after you’ve uploaded it. And if it is hosted in another country, you could be looking at cross border jurisdictional headaches,” warned Joe Kelly (@legalworkspace), CEO, Legal Workspace. “Many sites retain the right to determine whether data is offensive or violates copyright or IP laws. Other sites will sell ads based on your content – which means your information may not be as private as you think it is.”

16: Cloud provider will continuously manage certifications and compliance

“Many cloud providers oversimplify the security posture of their platform and steer the conversation toward compliance and certifications awarded by third parties,” explained Sean Jennings (@VCDX17), co-founder and SVP of solutions architecture, Virtustream. “Security certifications are point-in-time snapshots of the cloud platform and supporting processes… It is entirely possible for results to be outdated before the ink is dry on a certificate.”

“Focus should not necessarily be in implementation [of compliance policies] but rather auditing and reporting to satisfy compliance,” said Dan Chow (@ExpertIncluded), COO, Silicon Mechanics. “If regulations change, knowing where the gaps are will be important to stay up to date and assure that a business is compliant and conforms to the latest standards.”

17: Cloud security is a product or service

“Security is not a product or a service, it is a process,” said Galeas Consulting’s Scap. “Segment your networks based on the purpose of a particular application or service, deploy firewalls, monitor logs, system and network activity, create and follow security procedures and policies, decide who has access to data, and have a plan to follow in case of a security breach.”

18: A cloud server has unlimited resources

It may appear that your cloud server has unlimited memory and processing power, but consuming more than you need can lead to performance issues and dramatic price increases.

“Cloud servers have processor, memory and I/O limitations, normally defined when the request is made. These resources are shared with the rest of the cloud environment and are moved between the cloud servers as needed,” explained Abdul Jaludi (@tagmcllc), president, TAG-MC. “A cloud server will use whatever it needs, up to the configured amount and nothing more. In many shops, users are allowed to exceed their allotted resources at a much higher cost, much like the way mobile phone plans work.”

19: There’s no way to check what third party providers are really doing with your data

“‘Malicious insiders’ is one of the most interesting and under-represented issues when people discuss public cloud security,” said Yuri Sagalov (@yuris), CEO and co-founder, AeroFS. “By outsourcing your storage and compute to third party vendors, you now need to trust not only your own employees, but also the employees of the vendor you're using to store and process the data.”

“Some cloud providers mine enterprise data in ways that one might not want or that might invade the privacy of employees in ways that can or should not be allowed,” added Nicko van Someren (@good_technology), CTO, Good Technology. “Ensure that the cloud provider will be able to furnish the customer with audit logs to identify everyone who might ever have access to corporate data and possibly show that they have had suitable background checks and clearance.”

20: No need to verify big cloud providers

It may seem logical to go with a large provider with huge networks, dispersed worldwide data centers, and enormous industry recognition. It’s easy to trust them, right? They’re too big to collapse.

Don’t fall into the “trust-but-don’t-bother-to-verify” situation, advised Adam Stern (@iv_cloudhosting), CEO and founder, Infinitely Virtual. “While their businesses may not fail, yours might. An ill-timed outage or glitch could do some serious damage.”

Stern advises you to fully understand your support relationship with your provider: “When a supposedly secure environment suddenly springs a leak, who’s going to listen and who will actually help?”

CONCLUSION: Overcoming the cloud myths will allow you to reduce risk

“When the CIA and the NASDAQ begin deploying workloads to the cloud, the debate about whether the cloud can be secured is over,” argued Avail Partners’ Maurice.

Getting hung up on the myths surrounding the cloud will only prevent your organization from realizing the benefits.

Lauren Nelson (@lauren_e_nelson), senior analyst, Forrester Research, explained, “Public cloud is actually an opportunity to minimize financial risk for a net-new project or investment.”

Part of overcoming your fears of the cloud is knowing what not to do when you make that move. For expert advice on a successful cloud migration, read “20 Cloud Deployment Mistakes to Avoid.”

Copyright © 2015 IDG Communications, Inc.
