Let’s settle this old argument once and for all. With a good provider, and properly set up, the cloud is more secure than most on-premises infrastructure.
Does that still sound a wee bit equivocal? It has to be. Large enterprises, particularly in industries such as finance, can build superbly secure private infrastructure—they have to and can afford to do it right. Not all companies are gifted with these kinds of budgets, however; nor are they able to attain such a high level of protection.
Cloud Security Versus On-premises
The cloud is not 100% bullet proof, and yes, the cloud can be hacked. Even Amazon’s market leading AWS has been compromised, most noticeably two years ago in the case of Code Spaces. Code Spaces was not your typical victim since it was, by all accounts, a pretty tech savvy outfit. The SaaS provider was seven years old at the time of the hack. Hackers breached the company’s AWS’s control panel, locked the account, and refused to relinquish control until a ransom was paid. Code Spaces resisted, so the attackers began deleting and then kept on till nothing was left – including the company.
While startling, this story is pretty rare. And if the provider had a second provider to mirror the data, it would be in business today.
Contrast the relative rarity of serious cloud breaches with the pervasiveness of attacks on on-premises systems, and you’ll start to get the point. If you are resisting the cloud because it is insecure, you might want to look for another out.
Cloud Growth Booming
IT is getting the message. It is moving to cloud services in droves, undeterred by lingering security doom and gloom. Here the proof is in the pudding. If the cloud was a security mess, why is IT spending on it growing by leaps and bounds?
According to IDC’s Worldwide Semiannual Public Cloud Services Spending Guide, revenues from public cloud services will hit some $195 billion in 2020 globally, more than doubt the $96.5 billion the cloud brought in 2016. The compound annual growth rate (CAGR) will be 20.4% from 2015 through 2020.
“Cloud software will significantly outpace traditional software product delivery over the next five years, growing nearly three times faster than the software market as a whole and becoming the significant growth driver to all functional software markets,” said Benjamin McGrath, senior research analyst, SaaS and Business Models. “By 2020, about half of all new business software purchases will be of service-enabled software, and cloud software will constitute more than a quarter of all software sold.”
The cloud is simply an IT game changer. “Cloud computing is breaking down traditional technology barriers as line of business leaders and their IT organizations rely on cloud to flexibly deliver IT resources at the lower cost and faster speed that businesses require. Organizations across all industries are now free to adapt to market changes quicker and take more risks, as they are no longer bound by legacy IT constraints,” said Eileen Smith, program director, Customer Insights and Analysis.
Even more interesting, SMBs represent about half of this cloud spend.
The percentage of SMBs (less than 100 employees) adopting the cloud has more than tripled in the last year, from 20% to 75% now. The midmarket (100-999 workers) is almost all in the cloud with 95% of these companies having made some kind of cloud move. SMBs now have an average of four cloud apps running, with the midmarket runs roughly double that number.
The Logic Behind Superior Cloud Security
The reasons the cloud is generally safer are pretty simple. Like with economies of scale, cloud providers must protect large swaths of infrastructure, so they get pretty good at it. And with this scale, they can afford the best security solutions and staff. More important, if their cloud services weren’t safe, no one would by them.
On the flip side, the typical IT operation has many functions to provide, and isn’t 100% focused on security. There are few or no dedicated security professionals, and budgets tend to be tight limiting the deployment of security solutions.
Research Proves Cloud Point
Microsoft settled the SMB cloud security debate with a landmark survey. It found that SMBs that hadn’t moved to the cloud worried about security. 64% of these SMBs were highly concerned about cloud security, while 45% worried about losing control of company data.
Microsoft also surveyed SMBs that already moved the cloud and heard a very different story. Here 94% of SMBs that used the cloud had better security. This is because the cloud providers offered current anti-malware controls and based their infrastructure on modern up-to-date systems. At the same time, 65% of SMB cloud users experiences improved reliability and 62% got more privacy.
“There’s a big gap between perception and reality when it comes to the cloud. SMBs that have adopted cloud services found security, privacy and reliability advantages to an extent they didn’t expect,” said Adrienne Hall, general manager, Trustworthy Computing, Microsoft referring to the survey results. “The real silver lining in cloud computing is that it enables companies not only to invest more time and money into growing their business, but to better secure their data and to do so with greater degrees of service reliability as well.”
Microsoft brought out a Microsoft Office 365 customer that proves its security point.
“In the financial services industry, security and compliance are a critical table stake. Microsoft Office 365 gives us peace of mind that these things are being handled, and handled well. So much so that we’ve been able to reposition resources to reinvest in our business,” said Matt McCombs, president and chief operating officer, DHCU Community Credit Union. “Quite simply, the move to the cloud saved us money and freed up time to help us focus on what matters most — serving our members.”
MSP and cloud provider Hostway also performed a survey that looked at security, performance and scalability. It found 80% of respondents believe the cloud is more scalable than in-house infrastructure.
“Participants were asked which of the following services is more secure in a public cloud vs. an in-house setting: web servers, database servers, email services, CRM and additional collaboration software. Signaling a significant shift in perceptions, even among audiences generally comfortable with cloud services, 62% of survey respondents indicated that key services are more secure in a public cloud environment,” the research revealed.
In looking at performance “The survey revealed that 73% of respondents preferred public cloud hosting to in-house services based on performance,” the Hostway survey revealed.
All this doesn’t mean SMBs are in the clear. IT must choose providers based on their security profile. And IT must secure their own side of the network; in particular making sure end user access is protected by proper password policies and identity management solutions.
Learn more about safe access by reading our Single Password = Security Failure: How- Two Factor Authentication Saves the Day blog.
Monitor Your Cloud with Traverse
The cloud presents special network management and security challenges for IT. That’s because internal IT doesn’t have full control of the provider’s cloud infrastructure or a full view of all the network pieces that support these cloud applications and services.
With Traverse, IT staff can view even the most complex infrastructure based on service-level views. This service-oriented view enables fast root cause analysis, so network and service and security problems are quickly resolved and don’t hold operations up.
Learn more about Kaseya Traverse here.
Kaseya AuthAnvil Multi-Factor Authentication Secures Access
Many cloud hacks are due to cracking weak authentication systems. Fortunately, Kaseya AuthAnvil provides strong multi-factor authentication – as well as the ability to encrypt all user passwords and the data as it is transmitted.
There are two other layers of authentication protection. AuthAnvil includes single sign-on (SSO) which makes it easier for end users to log on securely to multiple services. And password management enforces key issues such as strong passwords, frequently changed passwords, and decommissioning a password when an employee leaves.