That said, it is in fact now easier for companies to engage in poor security practices because users do not have the same control over their cloud infrastructure that they have over their own on-premise infrastructure. Often, organisations using public cloud assume that their cloud provider is taking care of security and they may even have assurances of that from the provider. Yet usually, the customer has no visibility of the public cloud infrastructure they are using and little transparency with regard to security settings. For that reason, they are placing a lot of trust in the promise that the public cloud provider is addressing security when that may not actually be the case.
Ultimately, companies are becoming more complacent towards risk, simply because they don’t have visibility into the security of the cloud infrastructure they are using and don’t have a way to monitor that security. But as is often the case, ignorance is not bliss. The reality is that managing and monitoring cloud security is an ongoing task and customers need to work with a provider that is able and willing to proactively provide them with security information, alerts and notifications.
This is becoming even more important as companies use the public cloud for more mission-critical production applications. They need to ensure that they are deploying the same security features that are usually deployed for on-premise applications in the cloud.
One of the big consequences of public cloud security failure is downtime, and again there have been plenty of well-publicised examples of this from large public cloud providers over the last year. Downtime in the cloud can have a serious impact on a customer’s business as it often means applications and services are not available. Another consequence is that security shortcomings make it difficult for customers to meet industry compliance regulations – particularly for customers in the finance, healthcare and retail industries. And then there is, of course, the potential loss of data – particularly sensitive customer data – that can lead to serious financial and reputation costs for companies.
Enterprise customers need to engage with a cloud provider that is prepared to partner with them around cloud security and compliance. They should demand visibility into native security and compliance functionality as well as support. Equally important, teams need to get precise clarity on who is responsible for each security measure – the vendor or the customer.
Increasingly, IT organisations are looking to cloud providers to deliver security assurance across multiple layers of the application. This is especially true as more teams are structured with IT generalists, rather than traditional security, networking, server and storage specialists. As pressures on IT teams increase, cloud providers must do more to arm customers with intuitive, advanced security functionality that includes alerts to potential threats as well as recommendations for addressing the issues.
Anticipating this demand, we at iland have partnered with industry leaders such as Trend Micro, Hytrust, Tenable and Nimble Storage to build advanced security into our cloud infrastructure and disaster recovery services, including features like VM encryption, vulnerability scanning, anti-virus and malware and intrusion detection. Further, we invested in providing customers with a single management console that can be used to access detailed security reporting in addition to every other component of their global cloud resources, such as performance, billing, capacity, backup and disaster recovery.
In summary, cloud is becoming a far less risky proposition for customers, if - and that is a big if - they partner with the right provider. In fact, many of our customers have realised that we have invested in more advanced security technologies than they could in their own on-premise data centres. However, the cloud providers’ stance on cloud security needs to go beyond security technology to also provide security reporting and recommendations to customers. Through our cloud console, customers are able to generate a report which, at any time, shows them how their cloud resources and applications are performing against all of these security parameters – it’s that type of information and security partnership that is needed to ensure ongoing cloud security for customers.