Haven’t forgotten the Anthem breach yet, have you? What about Sony? Target? Who could forget such high-profile data breaches?
They’re far from alone. Big or small, the breaches continue.
Just last week, Auburn University admitted it left student and faculty data exposed online for over 6 months. They’ve reassured the public that no financial or payment information was at risk… only names, Social Security numbers and birthdates. That’s not exactly reassuring news.
One big thing all these victims have in common is that they all have their own private, on-premises datacenters. Conventional wisdom tells us that owning your own facilities is a way to increase security and reduce the chances of breaches, but recent events are proving otherwise.
If we can no longer rely on datacenters to keep our information safe, perhaps it’s time to start re-evaluating our initial qualms about cloud-based security.
Why do we feel so secure “at home”?
It’s natural that we feel more secure in our private datacenters than in the cloud. After all, it’s something tangible and concrete that we feel we control. The problem is that control is an illusion. Datacenter or cloud, we have to have people who specialize in data security, know how to implement the necessary protocols and are vigilant in their commitment to defend our data.
As TechCrunch reported recently, most companies, no matter how large and profitable, are not in the business of data security. It isn’t that they don’t want to protect their information; it just isn’t what they do.
It makes sense. If your business is to make movies or record music, data security isn’t your number one priority. Of course, it’s high on the list, but it isn’t where your expertise lies. The same is true if you’re in retail, healthcare or manufacturing, or just about any other industry.
But when you store as much personal data as Sony, Anthem, Target or JPMorgan, acquiring that expertise simply must become an urgent goal. And while those private datacenters sound great in theory, most companies just don’t allocate enough resources to keep their data secure.
So does that mean your enterprise data and applications are safer in the cloud?
But is everything safer up there?
Yes, it’s true that a cloud provider allocates more security resources than most. After all, protecting their customers is where their expertise lies. They provide infrastructure services to those that can’t or don’t provide their own, and a big part of that includes data security. They’re doing everything they can on their end.
As Forrester Research says, it’s easy to blame your cloud provider when a breach happens, but oftentimes it isn’t their fault. The provider can secure its datacenters and its network, but there are vulnerable access points it can’t control. It’s up to the user to protect those access points. The weakest point in a data security system isn’t in the cloud; it’s where you, the user, create access points.
Just because your data is in the cloud doesn’t mean you abdicate all responsibility for its security.
So what are you supposed to do about it?
Whether you have a top-rated cloud provider or a top-notch IT staff on-premise – or both – there’s never a complete guarantee you won’t become a target.
The most basic way to minimize the damage of a breach is to spread the risk. If you’re working within a private datacenter, don’t keep everything on a single server, database or network. Segment your applications and data across multiple machines, either physical or virtual. If a determined hacker makes it through to one server, they aren’t likely to make it through to the rest.
Segmentation is much simpler in a cloud environment – private, public or hybrid. In a virtual environment, each application or database can run on its own server with its own access security. And it’s more cost-effective to spread your risk among virtual servers because they’re cheaper than the hardware you need for physical datacenters.
Whichever route you take, the point is to break things up. Don’t make it easy to get all of your sensitive information from one place.
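To see what breaking things up buys you, here is an added example (not part of the original article) that compares a flat network with a segmented one. The host names and allowed connections are constructed for illustration, and it assumes the worst case: every allowed connection can be abused by an intruder.

```python
from collections import deque

# Constructed sample layouts: each entry maps a host to the hosts it is
# allowed to open connections to. All host names are hypothetical.
HOSTS = ["web", "orders-app", "orders-db", "hr-app", "hr-db", "payroll-db"]
SENSITIVE = {"orders-db", "hr-db", "payroll-db"}

# Flat network: every host may connect to every other host.
FLAT = {h: {o for o in HOSTS if o != h} for h in HOSTS}

# Segmented: each application talks only to its own data store(s).
SEGMENTED = {
    "web": {"orders-app"},
    "orders-app": {"orders-db"},
    "hr-app": {"hr-db", "payroll-db"},
}

def blast_radius(allowed, foothold):
    """Hosts reachable hop by hop from `foothold` over allowed connections.

    Worst-case assumption: every allowed connection can be abused.
    """
    seen, queue = {foothold}, deque([foothold])
    while queue:
        for nxt in allowed.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {foothold}

def exposed_stores(allowed, foothold):
    """Sensitive data stores inside the blast radius, sorted by name."""
    return sorted(blast_radius(allowed, foothold) & SENSITIVE)

if __name__ == "__main__":
    for name, layout in (("flat", FLAT), ("segmented", SEGMENTED)):
        for foothold in ("web", "hr-app"):
            stores = exposed_stores(layout, foothold)
            print(f"{name:9} foothold={foothold:7} exposes {stores}")
```

In the segmented layout a compromised `web` host still leads to `orders-db`, and `hr-app` still leads to two stores, so how you group applications and data decides how much one breach exposes.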
Are you better off where you are?
You entrust your IT staff with your company’s most priceless assets: business and customer data. For some, the staff is in their own private datacenter. For others, they work for their cloud provider. Either way, you rely on their expertise and dedication to protect you.
So far, attackers have favored private datacenters over cloud infrastructure. But as cloud adoption continues to soar, so will attempts to breach it. Whether private or cloud, you have to exercise your own sound cybersecurity policy to come through with minimal damage.
Are you planning to move to the cloud, or will you stay private?
If you don’t have data security expertise in-house, consult someone who does. They can assess, plan and execute your security policies, so you won’t have to wonder, “Am I the next target?”