When it comes to Silicon Valley buzzwords, “the cloud” is one of the most ubiquitous and one of the most misunderstood. The cloud is essentially a network of computers that share resources amongst themselves in order to work more efficiently. When a business uploads information to the cloud, it is really sending it to a collection of servers in a building somewhere else. When a business uses a service or application on the cloud, it is accessing said service or application on a computer in a secondary location. The cloud, at its core, is really a large collection of computers that someone else owns, but which store information in a compartmentalized and secure fashion.
The cloud has expanded rapidly over the last few years, and it is continuing to change how businesses operate. The services offered on the cloud range from storage to software-defined data centers (SDDCs) to applications that offer software as a service (SaaS), infrastructure as a service (IaaS) or platform as a service (PaaS) capabilities. Each of these allows companies to tailor their usage of the cloud to meet their specific business needs. Additionally, the U.S. government is making use of the cloud at an accelerating rate. This has been happening for the same reason that businesses find the cloud useful – it is cheaper and more reliable. For example, the Government Accountability Office (GAO) found that the government was able to save $3.6 billion between 2011 and 2014 by increasing usage of the cloud. Even the Intelligence Community and the Department of Defense are switching over to the cloud, in an effort to both save money and improve security.
While some cloud services are up to the security standards of the Intelligence Community, anxiety about security remains a persistent barrier to cloud adoption. According to a study conducted by HyTrust, a cloud security firm, security issues were the most commonly cited concern in regards to moving to the cloud. Eric Chiu, president and co-founder of HyTrust, told the Cipher Brief that “sometimes there are disconnects between the C-suite and the network managers regarding an SDDC strategy, and often that’s related to change and concerns that change may impact cyber security.” Many executives believe that on-site facilities are inherently more secure than the cloud, which seems both more nebulous and less controlled than physical data centers. While they did not directly involve the cloud, the string of high-level network breaches over the course of the last few years has greatly elevated the importance of maintaining effective cybersecurity procedures in order to mitigate risk. Overcoming the perception of insecurity is likely going to be a major hurdle to continued use of the cloud by business.
That being said, the concerns of those executives are not without merit. While the cloud has grown rapidly over the last few years, it is still a fairly young technology and it is still developing. As a result, new security tools and new vulnerabilities are coming into existence fairly regularly. Beyond this, the cloud itself is decreasing the usefulness of many traditional cybersecurity tools. Mark Weatherford, of vArmour, believes that the advent of the cloud “means that the concept of a defensible perimeter that sees all of the traffic has disappeared and with that realization, traditional security products and controls that were designed to protect it are simply out of date.” Because of this, companies that want to switch to the cloud must also update their understanding of how to keep their information and processes secure. Adjusting to the new requirements of cloud-based data center security, versus physical data center security, can be difficult – but if not done correctly, it can lead to significant holes in a business’ security.
Despite these issues, the cloud is clearly here to stay. Both Weatherford and Chiu agree that adoption of the cloud will only continue, and that doing so will provide an array of benefits to businesses. Yet, some of these benefits will have the potential to cause security problems. The increased efficiency and agility brought about by the cloud requires security aforethought to pre-empt problems from cropping up later.
