Ask any CIO for a list of the top three things that keep them up at night. There’s a really good chance that security will be in the list, whether their data and applications are on-premises or in the cloud. In a recent survey conducted by Crowd Research Partners, nine out of 10 cybersecurity professionals claim that they are concerned about cloud security, in particular. That’s up 11 percentage points from the firm’s 2017 Cloud Security report. However, while public cloud vendors are not immune to security threats, it’s likely that they can provide better security than most organizations can on their own.
There is good reason to be concerned, after all. In April alone, more than 72.6 million records were leaked worldwide, according to IT Governance. That’s just the reported incidents. When the EU General Data Protection Regulation (GDPR) goes into effect on May 25th with mandatory data breach notifications, that number will surely rise come June. It’s no wonder why almost half of the organizations surveyed by Crowd Research Partners say that their cloud security budgets will increase.
4 reasons why you should choose cloud security
There are many benefits of moving infrastructure and desktops to the cloud, and increased security is chief among those. Yet, even though CIOs still worry about how secure their data is in the cloud, more and more are coming to realize that the value of moving to the cloud far outweighs any security risks. It’s also becoming more clear that cloud providers can offer better security at a lower cost.
Some of the benefits of cloud security include:
- Protection against DDoS attacks: In 2017, DDoS attacks were conducted against targets in 84 countries, with China, the US and South Korea topping the list. These can cost companies hundreds of thousands of dollars to recover from. Cloud service providers are prime targets these attacks that flood server infrastructure with massive amounts of traffic. They can also disperse that traffic across multiple servers and data centers to mitigate downtime and damage.
- Patches and updates: Unpatched and out-of-date software is one of the easiest and common vulnerabilities for hackers to exploit. Cloud service providers regularly install patches for their customers and can do so in the background without any disruption to services.
- Data breach defense: Whether it’s a cyber criminal, a malicious employee or simply human error, data breaches happen all the time. Today’s mobile workforce only compounds the risk with users accessing data and applications from multiple devices across the network. To mitigate this, cloud providers encrypt data at-rest and in-flight, and also provide organizations with sophisticated tools to manage and secure mobile environments.
- Physical security: Very few executives can confidently say that they are very prepared protect and recover their data and physical infrastructure when disaster strikes. Cloud providers store data on secure infrastructure in redundant data centers, and back everything up routinely. They also have 24-hour camera surveillance and strict personnel access controls in place.
Example: Google Cloud security
Google Cloud provides six layers for a complete security stack in its worldwide state-of-the-art data centers. Components of Google’s security stack include:
- Operational Security – Intrusion detection; reducing insider risk; safe employee devices and credentials; safe software development
- Internet communication – Google front end; DDoS protection
- Storage services – Encryption at-rest; deletion of data
- User identity – Authentication, login abuse protection
- Service Deployment – Access management of end user data; encryption of inter-service communication; inter-service access management; service identity, integrity and isolation
- Hardware infrastructure – Secure boot stack and machine identity; hardware design and provenance; security of physical premises
On top of that, Google Cloud has a team of over 700 cybersecurity experts that have had been among the first to discover major security vulnerabilities like Heartbleed, Meltdown and Spectre. They’ve also created a reward program for reporting software security issues, and implemented an “SSL by default” policy.
While security is—and should be―a critical concern for any business considering the cloud, it isn’t stopping the growth of the cloud computing market. According to Gartner, the global hyperscale public cloud services market will reach a total of $186.4 in 2018—that’s 21.4 percent larger than 2017. As it turns out, the benefits that cloud security provides has become a major reason for that continued growth.