Cloud Security: The Piggy Bank vs Bank Vault
One of the most cited barriers to cloud adoption is general cloud security concerns - this is a conversation that I have with clients all of the time. We’ve seen it in our own surveys and from analysts, but when we take the time to actually sit down with prospective clients we are generally able to allay their concerns. When digging deeper into the issue, we find that the concern about cloud security services is not a lack of technical controls, but rather the very human reluctance to trust someone else with your stuff. We are all very protective of our own things, and it can be hard to part with them even when we know it’s for the best.
The Piggy Bank
When talking to clients, I like to use a piggy bank analogy. If you have money that you want to keep safe, one option is to put it in a piggy bank that will sit on your shelf or perhaps be hidden under your bed. As far as protection mechanisms go, ceramic swine doesn’t actually rank that high, but at least you can see that pig every day and know that you are in control of protecting your money. The downside is that you know very well that if someone breaks into your house, the pig won’t put up much of a fight, and you would face similar losses if there was a house fire. There is also the potential for an inside job where a child may sneak ice cream money out without you knowing. The security of your money is entirely dependent on no one knowing that it’s there.
The Bank Vault
On the other hand, you could put your money in a bank. Banks have many, many protections in place because, as Willie Sutton said, “That’s where the money is.” Because a bank knows that they are a target for bad guys, they have vaults, alarms, armed guards, bulletproof windows and cameras that watch the whole thing. Not only can they assure you that your money is safe from outsiders, but they also watch their own employees just as much. In short, banks are in the business of protecting money, so even though you can’t see it as easily as you see the piggy bank on your shelf, you feel comfortable putting your money and other valuables in a bank.
Cloud Services Provider = Bank Vault for your Data
In the same way, a cloud services provider can be thought of as a bank vault for your data. A cloud infrastructure provider has exponentially more servers than most companies and as such becomes a very tempting target for hackers. Additionally, cloud providers host workloads for clients in such a wide variety of industries that they have to be able to meet the requirements of healthcare, financial, retail and other regulatory bodies. All of this adds up to a cloud services provider putting a tremendous effort into protecting data through a combination of physical, technical and logical controls: multiple layers of firewalls, IDS, logging everywhere, employee background checks, and thick enough walls to stop anything short of a dump truck.
Could you put all of these same controls in place at your data centre? Absolutely. But it would be like building your own personal bank vault. If you already have a significant investment in local security controls, or have very stringent regulatory concerns, then it may be best to keep things in-house, but if not, don’t fear going into the cloud.
To read more about cloud security best practices, download the white paper 7 Steps to Developing a Cloud Security Plan.