Many organizations want to adopt public cloud computing solutions to reduce expenses. To do so, they must first overcome lingering concerns about the security of data and applications migrated to a public cloud. These worries are often rooted in the history of cloud computing, when cost savings frequently overshadowed security considerations. However, in the past few years, both cloud service providers and customers have grown more aware of cloud security issues and how to address them using three primary categories of security controls:
- Authentication solutions that restrict access to sensitive data and applications to authorized individuals only
- Web security tools to detect and block attacks against websites and web-based applications
- Data security products that protect the sensitive data itself from unauthorized access and transfer
While there is no such thing as a 100 percent secure implementation, enterprises that carefully plan and leverage this combination of security controls can achieve acceptably secure environments for most of their sensitive data and applications.
Understanding the Current Environment
Even as cloud computing promises solutions to data storage and other common infrastructure challenges, not everyone embraces it. Many organizations have displayed extreme caution about adopting cloud technologies, especially public clouds, because of concerns about handing control of sensitive data and applications to a third party. Enterprises may also have reservations about the security of cloud technologies themselves, such as their ability to isolate one cloud user’s data from another’s.
These worries are understandable given a history in which both customers and cloud service providers overlooked security considerations in the rush to embrace cloud technologies. Breaches of cloud security have affected major corporations, government agencies, small businesses and even technology vendors. Fortunately, cloud computing and its security have evolved in the past few years.
Today, both cloud customers and cloud service providers are savvier in their understanding of cloud security and the necessary protections for cloud-based data and applications. Cloud service providers increasingly build security into their infrastructures, instead of expecting customers to fill the gap. However, some customers choose to implement their own security controls in order to retain full control.
Whether a cloud provider supplies security controls or a cloud customer provides their own, the same basic control categories (authentication, web security and data security) help to reduce risk to a level acceptable for public cloud deployments. By considering the risk profile for the data and applications before migration, IT leaders can better understand how to configure these controls to best meet specific security needs.
For more information on authentication, web security and data security, read the white paper “Securing the Public Cloud.”