There’s no doubt that choosing to upload your data to the cloud offers many advantages: it’s inexpensive and easy to access, it doesn’t require maintaining your own hardware and you’ve got experts on-call if there’s ever an issue. All these advantages have proven that cloud platforms are a necessary and vital tool for the advancement of modern-day industry. However, some issues are still a challenge for the online world, first of all that of protecting sensitive data.
In fact, in discussions around cloud computing, security is often highest on the list of concerns. No matter how many protections cloud vendors put onto their files, there is still an inherent perception that once data is outside of an organization’s direct control, it has lower overall security. Questions of privacy and data sovereignty are still the biggest factors holding many companies back from embracing cloud-based services.
While the concern is understandable, (data is among the most strategic and important assets an organization has!) today’s reality is that—when done right—data security in cloud computing can be as good or better than it is in traditional on-premise IT platforms. In the words of Eran Feiganbaum, director of security for Google Apps “Cloud computing, when IT software and services are delivered over the web and through a browser, is a paradigm shift, similar to taking your jewelry out of your sock drawer and placing it in the bank” (Source: Google’s blog) .
But why data security in cloud computing can be better than in traditional IT? In order to answer this question, it could be useful to begin with the usual cloud computing definition. Cloud computing is the delivery of computing services—servers, storage, databases, networking, software, analytics, and more—over the Internet (“the cloud”). Cloud services are typically classified into three broad categories: infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (Saas).
IaaS is the virtual delivery of computing resources in the form of hardware, networking, and storage services. Rather than buying and installing the required resources, with IaaS you rent IT infrastructure from a cloud provider and only pay for the resources you consume.
PaaS is a cloud computing service that supplies an environment for software application development.
SaaS is a way of delivering software applications over the Internet with a subscription-based pricing model. The SaaS model eliminates the need for businesses to install or manage the software at an office location. While the application is hosted at a central location, businesses can easily access that software via the Internet using any device, anytime and from any location.
It’s clear that, by its very nature, cloud computing involves some ceding of control from the customer to the service provider. However, control does not mean security. In fact, data security in cloud computing is potentially superior to security in the typical corporate data center. This is because your cloud provider’s staff really has only one job: to protect your data. One result is that cloud provider’s staff brings a level of expertise in data security operations that many corporations cannot reach. Moreover, since security costs are spread among a large number of customers in cloud data centers, cloud operators have the resources to put security measures in place for protection that cannot be achieved at home, or on the corporate network.
Geographical diversity is another significant benefit of keeping data in the cloud. Because your cloud provider isn’t located where you are, you can avoid the likelihood of a single event taking out both your data center and your critical data. If you choose well, your cloud provider will have geographically diverse data centers, so your data is preserved in more than one place.
Add this to the reputational and business damage that a cloud provider would suffer should their data not be secure and it’s easy to see why it’s in their vested interest to uphold high levels of security.