Worried About Cloud Security? Your Problem Is Closer to Home

by Dave Moorman

Cloud computing, as you may have heard, is an environment where a company’s data, programs and other IT assets are hosted off-site on either shared or private servers and then delivered on demand through high-speed Internet connections. This not only can reduce costs but also can enable remote productivity by giving employees access to corporate resources from home or on the road.

One objection I hear to cloud computing is security. The media has done a great job in recent years of promoting the concept that cloud computing environments aren’t secure.

Since “the cloud” is an aggregate term used to describe solutions where data, programs, and/or infrastructure are stored remotely and run over the Internet, it is certainly possible for a cloud computing solution to have security flaws.
However, “cloud” computing environments running from best-practices data centers (like the ones DynaSis operates), are remarkably secure.

The relative safety of the cloud was borne out in a report released recently by security provider Alert Logic. The company surveyed 1600 firms and compared the number of incidents reported for on-premise (in-house) installed and managed hardware environments versus service-provider solutions including virtual, managed and dedicated environments (more about these three options in a future article).

In five out of seven vulnerability categories, companies with in-house installed and managed hardware reported a higher percentage of incidents than companies using cloud service providers, sometimes by a dramatic margin. More importantly, because service providers manage environments for multiple customers, the number of incidents per impacted customer was lower in every category for service providers than for on-premise installations.

Here are a few highlights:

1. App attacks (attacks by a malicious application executing code on the system): These were experienced by 18% of on-premise installations, but only 1% of service-provider environments.
2. Malware/botnet attacks: On-premise customers, on average, experienced 29 of these incidents; compared with 6 for service-provider customers.
3. Brute force attacks (a computerized effort to decrypt data such as passwords by trying random combinations) occurred at a rate of 72 incidents per on-premise customer versus 46 for service-provider customers.

Our prospective customers sometimes express concern about “losing control” of their IT assets by moving to cloud computing or even allowing us to manage their on-premise IT infrastructure. It’s a fact that more criminals are targeting smaller firms (perhaps because they are perceived as being more vulnerable). If you become the target of a cyber-criminal, you’re already in a position to lose control of your assets. Isn’t it better to give your firm the least exposure possible?