
Cloud computing: myths vs realities 

There are many myths surrounding security and compliance in the realm of cloud computing that still endure. What’s the reality?

 

When hackers raided Equifax’s system, they absconded with the personal data of 143 million individuals. In the blink of an eye, a group of people nearly half the size of the US population had their identities stolen from one of the three major credit bureaus.

Several Equifax executives resigned, but the fallout remains. The IT team had failed to update and patch Apache Struts, which is used to power a system that allowed individuals to dispute agency records. Without the proper updates, it served as an open window for the attackers to get full access to the site.

This was a breach of an on-premise, legacy corporate data center – not the cloud. However, with these large-scale breaches becoming increasingly common, people are interested in determining if cloud data is as secure as cloud service providers (CSPs) would have them believe.

When we look at the myth and reality of compliance concerns in cloud and virtualised environments, we are addressing security. The reality is that this is an environment that is well-suited for data protection with the right safeguards in place. We must also rise above the faulty opinion that regulators are against cloud computing.


Myth: Your data centre beats cloud on security

Here are some thoughts from heavy hitters on the topic.

New York Times deputy tech editor Quentin Hardy noted that cloud data is likely protected by a higher degree of security than data stored in a traditional data centre setting. Hardy noted that some of the most highly skilled computer scientists in the world are working to make these cloud systems virtually impenetrable.

In his argument for the security of cloud in TechTarget, David Linthicum talks about “the folded arms gang” – those who feel that cloud computing does not have the mechanisms in place to create a truly secure or compliant setting. Linthicum argues that you should be even more cautious about anything that you put onto your own servers. His own assessment of traditional and cloud ecosystems had revealed the latter to have better security than the former.

Gartner’s report is perhaps the most devastating news to those who don’t believe in the cloud. “[T]he security posture of major cloud providers is as good as or better than most enterprise data centers and security should no longer be considered a primary inhibitor to the adoption of public cloud services,” Linthicum said.

In other words, a cloud that is built credibly and with the most robust, cutting-edge tools is more compliance ready than a legacy data center. The analyst projected that the number of breaches experienced by infrastructure-as-a-service systems will be at least 60% lower than those of legacy environments by 2020.

Myth: Regulators hate the cloud

Both standards bodies and the federal government have become increasingly receptive to moving past cloud’s virtualized design and treating it as a viable form of technology. For instance, the PCI Security Standards Council has issued Cloud Computing Guidelines.

More mainstream attention has come from the Department of Health and Human Services (HHS) releasing its Guidance on HIPAA & Cloud Computing – relevant to healthcare organisations and their service partners that process or handle electronic protected health information (ePHI). Those parameters are particularly interesting because they represent an acceptance that, with the right safeguards in place, cloud is equipped to meet the strict privacy and security requirements of federal law.

The HHS instructions note that cloud is considered an acceptable means to protect this extremely sensitive, legally protected data so long as the firm working with the cloud provider has signed a business associate agreement with them. The HHS specifically points out that public, private, and hybrid clouds are all acceptable provided that HIPAA compliance standards are met.

Myth: Compliance with cloud doesn’t require anything from you

Compliance is still a dual responsibility between the cloud service provider and the regulated company. The PCI guidelines state that “[c]lear policies and procedures should be agreed between client and cloud provider for all security requirements, and responsibilities for operation, management and reporting should be clearly defined and understood for each requirement.” This language is similar to the notion of a business associate agreement (BAA) under the HHS. These agreements are essential to understanding and delineating roles and responsibilities.


Myth: Virtualisation is an enemy of compliance

Clouds are virtual machines, but what about virtual machines that are created in a legacy environment? You can be fully compliant provided you meet the specific needs of a virtual environment – as detailed by the PCI DSS Virtualisation Guidelines.

For example, it is important to pay special attention to the hypervisor, since it is an attack surface that is unique to virtualisation. You should also be careful about mixing virtual machines with different trust levels, since an intruder could use those with weaker security controls to get to ones with more sensitive data. A virtual environment can meet the needs of all the major standards and regulations just as well as a physical setting can.

Myth: Compliance is easy

The truth is that compliance is complex. It is important to carefully vet all providers to help you protect compliant data. It is also critical to make sure that appropriate safeguards are in place, such as encryption and backup, along with a clear understanding of processes, responsibilities, and accountability.

Cloud is being used today in compliant settings to improve security – agreeing with the notion from thought leaders that this technology is game-ready for any organisation.

 

Sourced from Marty Puranik, CEO of Atlantic.Net
