Don’t get hung up on illusion of control
However, not everyone agrees this is right, as Mark Ridley, group technology officer at venture builder Blenheim Chalcot Accelerate, explained during a Computing web seminar last week. “I totally understand that, although I don’t agree with it,” he said.
“When I first started looking after servers 20 years ago I was loath even to put them into a managed hosting system. Those were the days of Windows NT when servers would go down all the time and I couldn’t stand the thought of not being able to physically reboot the server when I needed to.
“I’ve had to go through an evolution in understanding security in the cloud,” he added.
Ridley maintains that, with a few caveats, public cloud encourages greater security, not only because of the expertise that cloud providers can bring to bear, but also because using their services forces organisations to think about data security in greater detail.
“You have an illusion of control and security and governance by having everything being in one space, but actually you’re probably not scrutinising your own organisation in the way you would a third party. The cloud provider is not necessarily a friendly actor, so making sure your data is protected against them can often lead to much higher levels of security than if you manage your own infrastructure.”
This doesn’t mean that all organisations should start putting sensitive data in the cloud, however. For a start, many do not have the right skills and culture to properly manage cloud services.
“You need an organisational change to use the cloud and some companies aren’t ready, so they’d be better off with hosting or a private cloud,” Ridley said.
“The organisation needs to change the way it looks at security, and it could be that you simply have the wrong sort of people in your organisation. They could be comfortable with thinking that security stops with the firewall, but that changes completely with cloud.”
Another caveat is the type of data you might wish to process and store. For example, US cloud providers are legally obliged to allow US government agencies to access their systems. The documents leaked by Edward Snowden have shown state interceptions to be motivated by industrial espionage as well as issues of national security. Intrusive laws are being introduced by other countries too, including the UK.
“When you start looking at the public cloud you have to look at how you protect data from government activity,” Ridley said, explaining that this too requires fundamental changes in organisational thinking.