Which is more secure: the public cloud or on-premises infrastructure?
“Is it more secure to run in the cloud or more secure to run in my data center?” asks John Treadway, senior vice president at consultancy Cloud Technology Partners. “I can do it better. You can do it better… It becomes a religious debate.”
Large enterprises invest a lot in security, Treadway says, and so do large cloud providers. “Whether it's more secure or less secure, [the cloud is] at least as secure as most enterprise environments,” he concludes.
As the cloud market continues to mature in 2016, organizations are more willing than ever to use cloud-based services. At Amazon Web Services’ re:Invent conference in Las Vegas in October, the CIOs of Capital One and General Electric spoke about how they’re gaining tremendous advantage by using the public cloud. Officials from Bank of America and Goldman Sachs admit they too are using cloud services and other emerging technology like containers.
But this question about cloud security remains. A recent survey of 1,500 IT professionals by 451 Research Group found that security, compliance and data sovereignty are the three biggest issues holding back their usage of the public cloud.
So where does the cloud market stand when it comes to security in 2016?
If you ask Greg Arnette if the cloud is more secure than on-premises infrastructure, he’ll say “absolutely yes.” Arnette is CTO of cloud archive provider Sonian, which is hosted mostly in AWS’s cloud. The public cloud excels in two critical security areas, Arnette contends: information resiliency and privacy. Resiliency is the idea of not losing data or letting it be susceptible to corruption. Amazon’s Simple Storage Service is designed for 99.999999999% durability and up to 99.99% availability of objects over a given year. That’s difficult to mimic on premises.
On the privacy side, AWS’s Identity and Access Management (IAM) service allows organizations to impose fine-grained controls on what individual users can do in an AWS environment (IAM integrates with users’ existing Active Directory, or other authentication platforms). AWS also gives users access to detailed logs of all activity happening in an AWS account, providing the ability to audit the account for unusual or potentially harmful activity. “The cloud reduces the surface area of penetration attacks because the entry points into the cloud are very well defined and can be locked down with multi-factor authentication, web-based tokens, limited-time restricted access and other very mature tools,” Arnette says.
To deploy these tools in an on-premises environment would require not only large investments in infrastructure, but teams to manage them too. In the cloud, they can be instituted with a few clicks.