What Does it Really Mean to Store Data “in the Cloud,” and is it Safe?
by Brian Francis on May 28, 2019
Technology has always been a buzzword-rich environment. One of the biggest challenges for business leaders is to see through the buzzwords and look for what will actually drive business value for their organizations. In the ’90s, “the Web” was the buzzword everyone wanted to be a part of but very few truly understood. In the 2000s, it was “mobile,” and now one of the big ones is “the Cloud.”
What does it really mean to be in the Cloud, and should companies be scared about conducting their business there?
When talking about the Cloud in this context, we are referring to the Public Cloud: enterprise-scale data centers run by companies such as Google, Amazon and Microsoft that make various computing resources available to companies and consumers over the internet. Cloud services can be as simple as file storage (think Google Drive or Dropbox) or hosted email (such as Gmail or Office 365, among others), but they can also support very complex computing and business needs.
At FormFree, we chose to move our data center to the Cloud back in [year] so we could focus on our business mission of perfecting assessment of a borrower’s ability to pay instead of spending resources and capital on building out, maintaining, upgrading and operating a traditional data center. This is a conscious choice many other world-classes organizations have made, and like them, we had to ensure the Public Cloud could meet our requirements around security, reliability and scalability. And to do that, we had to uncover and dispel some of the myths around the Public Cloud.
Myth 1: The Public Cloud isn’t secure
The myth that the Public Cloud is unsafe is widespread — and easy to dispel. Is the Public Cloud different from a traditional data center? Sure it is. But does that make is less secure? The absolute answer is no!
In reality, Public Cloud security is in many cases better than on-premises security. Nearly every company that operates an on-site data center is in the business of something other than operating on-site data centers. Their focus is on operating their core business.
My point is that a business that specializes in making widgets is unlikely to recruit one of the top cybersecurity experts in the business to secure their data center, because those individuals are prohibitively expensive and already employed — most likely by a company that actually specializes in secure data storage, such as a Public Cloud provider.
Contrary to popular belief, there have been very few security breaches in the Public Cloud; most breaches continue to involve on-premises data center environments. In cases where information in the Public Cloud has been compromised, it’s usually been the fault of the application running in the Cloud, not the underlying infrastructure. Which leads me to the next myth.
Myth 2: Security is the responsibility of the Cloud service provider
A growth-phase company like FormFree can essentially stand up an enterprise-quality infrastructure overnight using the Public Cloud. There are a lot of inherent advantages in that; someone else has already done the heavy lifting, and you don’t need to buy a single server, much less build out an entire data center, so you can focus on delivering core business value.
But this doesn’t mean you can forget all about security. You’re still responsible for protecting your customers’ data and securing your applications that work with that data. So it is a shared responsibility: both you and your Cloud provider have to do your part for security to be effective. The great thing is that the major Cloud services providers have been investing heavily in securing their platforms, and they often provide the tools you need to secure your part.
The bottom line is that the Public Cloud isn’t some big, unknown monster that is going to consume your business and steal your customers. Nor is it a digital wild west where security is thrown out the window. It is simply the logical virtualization of the old-school physical data center model with most of the underlying guts taken care of for you. It’s like the plumbing in your house. Do you need to manage the physical connection to the water main, install and adjust pressure relief valves and properly size water heater expansion tanks? No, that infrastructure is in place for you. You are responsible for ensuring the work was done by a qualified professional and doing your part to ensure the system is well maintained — beyond that, all you have to do is turn on the tap and out comes water.