As digital disruption continues to redefine what’s possible at an unprecedented speed and scale, organisations are increasingly turning to cloud-based capabilities to survive and thrive. The cloud has become critical not just to the day-to-day, but to enabling the IT innovation that will determine business success tomorrow.
According to The Cloud Industry Forum, nearly three-quarters (78%) of UK firms are now embracing the cloud, citing flexibility (77%), scalability (76%) and reliability (74%) as the leading drivers. Yet, despite the cloud’s obvious business benefits, it still carries a security stigma. Three-quarters of CEOs (77%) cite security as their main fear when it comes to the cloud. Security is also consistently named as one of the top three barriers to adoption, whether organisations are considering public (41%), private (21%) or hybrid cloud strategies (24%).
Given the marketing hype, media hysteria and regulatory complexity surrounding cybersecurity today, it’s no surprise that business leaders have fears over cloud security – but are they justified?
Myths & realities
When considering the cloud’s security credentials, the first question we should ask is: “compared to what?”. Is an organisation’s data at greater risk in the cloud than on-premise? According to Wieland Alge, VP and GM of EMEAR at Barracuda Networks, the answer is no: “almost all of the massive data breaches we’ve seen of late were within traditional on-premise IT”.
The leading cloud platforms have also made massive investments to resist cyberattacks. Microsoft, Amazon and other major cloud providers are not only highly motivated to ensure top-notch security for customers, they also have the funding, skills and technologies to make it a reality.
Individual enterprises simply can’t compete with these cloud providers on security – whether we compare the physical defences surrounding cloud data centres and office-based servers, or the quality of the cyber skills and tools protecting virtual systems. Simply put, securing on-premise IT is harder for enterprises because security isn’t their core business: a lack of time, money and cyber skills all hamper their efforts.
Perhaps most telling of all is the fact that the most security-conscious industries, including banking and defence, are now embracing the cloud. Senior executives in the financial sector have suggested that 30% of their IT requirements could be met by the public cloud within three years. Meanwhile, even the US Central Intelligence Agency (CIA) has partnered with AWS on a $600 million contract for cloud services.
While business leaders may feel more comfortable with the status quo inside their organisation, the reality is that on-premise IT is not as secure as they believe, while the cloud is more secure than they think.
While cloud security may be superior to on-premise IT in general, adoption is likely to remain a gradual process. Today, most organisations (57%) are leveraging a hybrid approach that combines the security and performance of on-premise infrastructure with the public cloud’s agility, cost-savings and economies of scale.
However, such hybrid strategies raise the conundrum of how to best link on-premise and cloud-based workloads. While the major cloud platforms are secure, accessing them via the public internet brings both security and performance concerns. Not only can data potentially be intercepted by malicious actors, business performance also remains at the mercy of spikes in public internet demand.
By allowing organisations to place their on-premise infrastructure right next to the private access points to the most popular cloud platforms, colocated hybrid cloud offers an attractive solution. Direct fibre links to private cloud access points eliminate public internet exposure and its ensuing security and performance risks. Meanwhile, the best colocation providers also ensure unbeatable multi-layer physical IT security – including infrastructure cages, strict access controls, 24×7 security patrols and CCTV surveillance.
Colocation may also bring access to a broad mix of managed security service providers sharing the same facility. With these organisations just a cross-connect away, businesses can make informed investments in secure and cost-effective interconnections to address specific cyber challenges – from identity and access management, to DDoS protection.
For any organisation worried about cloud security, the path is clear: head into the colocated hybrid cloud.