Cloud security: your move...
Security in the cloud was often the biggest stumbling block - now it's become cloud's biggest enabler.
"People used to be afraid of immigrating to the cloud because of security. Now the cloud is considered the safest place to be. How times have changed," says Lee Jenkins, Head of Technology at ETS Innovations.
It's a bold statement to make, that the cloud is more secure than an on-premises environment, but there are instances where this is undeniable, says Jenkins.
He goes on to list the top five concerns around cloud adoption, together with mitigation:
1. Security - this is a top priority for any business, and cloud simplifies it by following industry blueprints.
2. Cost control - cloud providers now provide accurate forecasts of cloud spend. This can then be allocated to projects and departments, as required.
3. Finding the right provider - the top three cloud providers all provide similar services; differentiation comes down to customer service.
4. Meeting regulatory compliance standards - following best practice and industry standards allows companies to meet regulatory compliance standards.
5. Lack of expertise - this issue is declining in significance, as more certified resources become available.
"One of the main objections that we hear to cloud adoption is around data protection and who can potentially get hold of my data? Businesses of all sizes and across all sectors are becoming increasingly concerned about the security of their data and legal compliance," says Jenkins.
While cloud computing and storage provide the ability to store and process data in third-party data centres, doing so can certainly affect compliance. Over and above legislation specific to their sector, businesses could find their data affected by POPI, GDPR or even the Patriot Act, depending on where it's hosted. So the concern is warranted. But what businesses don't consider is that cloud providers are able to offer enterprise-grade security solutions that many businesses just can't afford to implement onsite.
For example, while the Protection of Personal Information Act (POPI) doesn't say how a business must protect data at rest or in transit, the only cost-effective way to do so is to encrypt it. All cloud providers must therefore offer the ability to encrypt data, both in transit and at rest. You have to ask yourself whether the average business has the capability to do the same, says Jenkins.
He points out that while the responsibility for cloud security is shared between the client and the provider, the latter is in a position to do it better as they have the money and resources to do so. "As cloud providers operate on economies of scale, certain high-cost aspects of security can now be achieved at commodity costs. These include physical security and perimeter network protection."
Cloud providers must have strong identity and access management controls in place, together with virtual network segmentation, to provide a high degree of isolation. They have access to highly skilled staff who are able to implement security models and procedures that typically make cloud computing more secure than on-premises computing. It's safe to say that enterprise-class security is now available at a commodity price, according to Jenkins.
"Big corporates like Google, Microsoft and Amazon are in a much stronger financial position when it comes to security than the man on the street or the small business," continues Jenkins. "Very few businesses can afford to implement biometric security, for example."
Underlining how perceptions of online security have changed over time, he points out that many activities that were once regarded as 'unsafe' are now done routinely. "Consider online shopping: initially the concept was regarded with great suspicion, but it's now become commonplace. What most people don't realise is that they're probably already in the cloud, even though they may think that they aren't. Anyone who uses Gmail or Spotify is active in the cloud."
Plus there's the increasing trend for businesses to outsource non-core activities, and cloud is just another outsourced function. There's a cloud offering for pretty much every size of business and every data security requirement with an assortment of cloud service models (Infrastructure as a Service, Platform as a Service, Software as a Service, X as a Service) and deployment models (hybrid/public/private).
So for example, a business that has data that can't legally leave the premises could keep that onsite while having email and other applications in the cloud, which entails a hybrid approach to cloud adoption. Jenkins reckons that a hybrid approach to cloud adoption is probably the safest way forward.
He feels that businesses have no choice but to have some degree of cloud implementation: "Cloud puts an end to siloed or slow implementation and the ability for self-service is that much greater. And it's enabling big data to be used in more efficient and innovative ways than ever before. Consider how the Waze application collects big data, sending real-time traffic information back and forth constantly using the Google cloud. No one company could build that capability in-house."
Netflix is another example cited by Jenkins: the functionality of the backend just wouldn't be possible without the cloud. Airbnb is another business that doesn't host its own data; everything sits in the cloud. Of course, at the other end of the spectrum are Google and Facebook, who choose to host their own data, says Jenkins.
The bottom line is that businesses of any size can go into the cloud; it's not just for big business. It's accessible, it's secure, there's a solution for every requirement and there's no boundary to access.