I was recently on site with a client. We were talking about changing their backups from using a server in their office to using a cloud backup service. I explained the pros and cons. Their major concern with moving their data to the cloud was security. They were hesitant to move data to the cloud because they are not sure how secure it was. The data is exposed on the internet where anyone can try to get to it. Concerns about cloud security are valid. The cloud is more secure in some ways and less secure in others.
What is the cloud?
Let’s discuss what the cloud is. The cloud is a network of remote computers around the world that are connected to act as one system. The cloud can store data, run applications, or deliver services like mail or office productivity software. These cloud systems can be accessed from any personal computer or device that has a connection to the internet. There are three types of cloud. Public cloud is available to anyone over the internet. Private cloud is hosted on a private network. The third type is hybrid cloud that uses a mixture of public and private clouds.
What is more secure about the cloud?
When cloud providers develop cloud solutions, they know that the service will be exposed to the internet and write the software to protect against that. They know that hackers will be trying to get into the systems and develop the software and systems to protect against attacks. On-premise software isn’t always developed with security in mind. The security is not as strong, because the developers expect it to be used in a private network. But we aren’t always using the software in the private network. People take their laptops home and airports where networks aren’t as secure. Even work networks can be broken into and if the systems don’t have another layer of security, important data can be accessed or lost.
Cloud services are generally run on servers in large data centers. These data centers have strong security in place to protect the systems and the data. A barbed wire fence may be on the outside of the data center. There are security guards who patrol the building and check the access of people trying to get into the building. Cameras record people’s movement and actions. Servers are locked in cages to prevent unnecessary access. In an office, the only physical security of a server maybe a locked door.
Cloud security is audited. Periodically, the security of the cloud systems is checked by a third party. The third-party checks that processes are in place to protect the systems and data. If the auditor identifies security issues and other ways that security can be improved. Auditing forces the cloud provider to be accountable for the security of the systems.
Cloud providers high security experts to develop their systems. Amazon and Microsoft hire the best engineers to create their systems. The engineers are experts in their fields and know how to develop systems that are safe. They are constantly looking for and security issues. They can quickly fix the issues and send out updates. These updates are sent out to all systems automatically. Security doesn’t depend on a user updating their system.
What is not secure about the Cloud?
Though there are number of ways that the cloud is more secure than on premise systems, it is vulnerable in other ways. If a user does not use strong credentials, systems can be hacked. Weak passwords can be guessed. Users can leave their username and passwords on a piece of paper on their desk. Accounts can be hijacked. Hackers use phishing emails to steal the credentials of users. They use these credentials to access their data that is stored in cloud.
One upside of cloud services is they are accessible if you are on the internet. This also gives anyone else on the internet a connection to the systems. Anyone from anywhere can attempt to attack a system. System on private networks don’t have this problem because it is much harder to access a computer inside a private network than one in cloud. The attackers can try to break into the system over and over since that access is always on. Sometimes systems are access by hackers and data is breached. A breach happens when sensitive, protected, or confidential data is released or viewed by someone who is not authorized. Some data breaches can expose client information, which is a big problem for small businesses.
While discussing moving a service or data to the cloud, the benefits and risks need to be assessed. Both onsite and cloud software can be compromised. Some questions to ask are: