There’s no question that cloud breaches are on the rise. A recent study found that more than two thirds of Kiwi businesses surveyed experienced a cloud breach in the last year.
While this immediately conjures up images of global crime syndicates forcing their way into cloud environments, the truth is much less sensational – with human error, rather than malicious activity, topping the list as the leading cause of cloud data breaches.
Similarly, you’ll be forgiven for questioning whether cloud, particularly public cloud providers, present a major risk to your information security. The media has been rife with reports of breaches and exploits targeting the hyperscalers, with AWS, Azure and Google tied up in the headlines of recent hacks.
We’ve helped many different businesses plan their cloud journey, and in my opinion, the inherent security advantages offered by the big cloud providers cannot be underestimated – with the caveat that your organisation needs to do its part.
The sheer scale of the big providers means that they have both the financial and technical resources to be able to develop or purchase some of the most sophisticated and robust security controls. Public Cloud providers, in my experience, have developed an excellent understanding of security challenges unique to cloud, as well as the ability to respond quickly and remediate issues when they do crop up.
More often than not, it’s misconfigurations of cloud environments, rather than some inherent flaw with the provider, that is the root cause of cloud breaches. That’s why it’s imperative for businesses to not just assume you are safe because you are using the public cloud. You need to ensure businesses plan, utilise and configure their cloud environment correctly, leveraging security tools and services to ensure it stays that way. Testing your cloud environment for any flaws will give you further assurance that your assets and data are safe.
Comparing public and private cloud from a security perspective is a bit more nuanced – there is a common misconception that “private” implies greater levels of security. That’s not necessarily an accurate assumption. Yes, private cloud offers some advantages that may suit needs. However, the baseline security that hyperscale public clouds provide is not always readily available, nor are the resources and tools that support those platforms, which you pay a fraction for with the consumption model of public cloud. The business becomes responsible for the majority of these elements which can be cost prohibitive.
Similarly, there are lingering beliefs that local datacentres are safer than offshore hyperscale centres. While this point may be moot soon with the big cloud providers looking to open their own centres here in NZ, the reality is that geographic location isn’t a factor in the digital world – unfortunately New Zealand is just as accessible as any other nation online.
In a nutshell, it’s hard to argue that private cloud outweighs public cloud from a security perspective – before you even factor in all the other benefits of public cloud, such as innovation and automation.
At the end of the day, when it comes to cloud, no single solution will suit all organisations. The key to ensuring your cloud environment is secure is ensuring you have an adoption framework in place that sets out how security is factored into your cloud environment, and it evolves as your platforms do. That way you can make the best decisions around the deployment – whether that be public, private or hybrid cloud solutions.
