Public Cloud Security
When deciding between a public, private or hybrid cloud offering, companies often consider the security risks involved. The name alone can make some people think the public cloud is not nearly as secure as a hybrid or private offering but is that really true or is the public cloud secure enough for your company’s data?
The simple answer is yes, the public cloud is secure. Technology advancements and solutions over the past few years have eased the security fears for many users of the public cloud. Of course, that is not to say that any cloud is 100% safe as there are always risks but that is true of housing data on-premises as well.
Service providers have to be secure
Some companies are actually citing security as a reason they chose to migrate to the public cloud. Surprised? Don’t be.
“When we outsource infrastructure, we do it because when we consolidate expertise you get better results,” according to Bruce Schneier, CTO of Co3 Systems, in “Security Experts: The Public Cloud is a Safe Place for Storing Data” by Kevin McLaughlin. “You don’t run your own airline or do your own taxes. There is enormous value in having an entity that is in charge of that.”
Security has and continues to be a major focus for public cloud providers. The demand created by the market for security in this platform, driven as well by customers, only strengthens the cloud providers’ attention and priority to this need.
Compliance not complacence
Check your cloud provider’s compliance audits and better yet tour the facilities where your data will be housed. Their audit documents should be accessible if your cloud provider is compliant with governmental regulations, such as HIPAA or SOX. Another area of concern for any company dealing with credit cards is the Payment Card Industry Data Security Standard (PCI DSS), which governs transactions as well as data storage and the handling of any credit card purchases. Data centers and cloud providers dealing with any sort of sellable goods should be compliant with PCI DSS. It is important to note that while the cloud provider is compliant, that does not automatically make the customer compliant. The customer has to go through its own compliancy audit; working with a cloud provider that has this compliancy is just one necessary piece to being compliant. For more information, visit Expedient’s compliance webpage.
The fact is that being secure in the public cloud comes down to the consistency of your cloud provider and whether or not you trust that provider with your data. The cloud is only as secure as your provider makes it. Work with a trusted partner that has multiple levels of security, has available compliance audits and keeps up with the latest trends in technology, including patches, virus protection, firewalls and backup solutions. They should be open to your auditors and welcome giving you a tour of their facilities so you can see their operational practices firsthand.
For more on whether Expedient’s public cloud could be right for you, visit here.