24 Sep 2015

Part 2: Concerned about security of data in the Cloud?

I remember reading a Gartner report in 2008 on how “fraught with security risks” cloud computing was.

Amazon Web Services had only been live for two years at the time and market analysts were buoyantly predicting how cloud would go on “to change the status quo in the IT market”.

In the seven years since then, cloud has certainly gone some way to redefining how we think of IT, but its adoption remains dogged by many of the same concerns about security.

A 2014 survey by Autotask found security is the top concern with cloud for 54% of its 1300 respondents.

A more recent survey by Cloud Security Alliance indicates 61% of executives now get involved in decisions about the security of data in the cloud – suggesting the issue has become even more pronounced.

When I speak to customers, I find concerns about cloud security boil down to the impact of moving anything sensitive off-premise and onto shared infrastructure.

In my last post, I introduced the idea that migrating to the cloud needn’t be an all-or-nothing decision, and that a hybrid model – where some workloads run on-premises and others in the cloud – made a lot of sense.

The hybrid model makes particular sense in addressing security concerns because it allows businesses to keep applications or data they are concerned about onsite, where they can see it.

The other side of addressing security concerns is deciding which cloud is safe enough to put your other applications or data in.

Most of the public infrastructure-as-a-service providers such as Microsoft Azure and Amazon Web Services offer to host applications and data in a multi-tenant server and storage environment.

Multi-tenancy means having applications and data reside on the same physical hardware and same cloud fabric as another organisation’s data. That organisation’s applications and data are logically segregated from that of other organisations, but we understand this might not be enough to allay your fears.

It’s part of the reason why Brennan IT offers its clients the ability to customise their Cloud with a dedicated cluster of compute and storage ultimately delivering higher levels of security assurance and performance assurance.

While this is a good answer now, the fact security has remained a concern with the cloud for so long perhaps suggests the need for better education around multi-tenancy environments.

For example, while some businesses fear putting sensitive data into a multi-tenanted cloud, we think little of sharing that same data over phone lines and in teleconferences.

Telecommunications networks are – by definition – public and multi-tenanted. They have always been shared platforms where each stream of communication is separated and communications are split up at one end and re-assembled at the other.

As an industry, perhaps we could do a better job in making sure cloud customers can have the same level of comfort with IaaS and SaaS that they have natively with telecommunications networks.

This is the second blog post in our hybrid cloud series. Read the first blog post here or call Brennan IT on 1300 500 000 for more information.