Is Cloud Secure

So, we are in the business of securing people’s applications, have hundreds of customer who trust us for improving the security posture of their web assets. We have been around for a while and many of our customer have been around much longer than us. In other words these serious enterprises across BFSI (Banking, Financial services and Insurance), large conglomerates with diverse businesses, Government entities and retails (both online and brick-and-mortar) have legacy infrastructure. These are #1 or #2 players in their own verticals and industries, these businesses have serious infrastructure requirements and have undoubtedly started looking at Cloud.

Aaha the mythical cloud, utopia it promises and all the benefits. But for the fact that is is not mythical at all, no sir, not at all. Cloud is as real as the hard-drive in your laptop. Today, IT departments are thinking about a “Cloud Strategy” in few quarters – yes quarters, you read that right – your Cloud Strategy will be your STRATEGY. Cloud would be so prevalent and in-you-face that you will not ask the question of “if” when talking about cloud, you will only plan the “When and How, or how fast” part of the strategy.

As someone graduates to being a believer of Cloudism, shall we call them a newly minted Cloudist. Some Cloudist start doubting the “security” of their newly subscribed infrastructure religion. They wonder “Is cloud secure”, start getting cold feet about letting go of their old “on premise” religions. They wonder whether they will be as secure as they used to be in the dark ages rules by “on premise-ism”.

I say, “In Cloud we Trust”.

Is Cloud Secure?, that question is a blasphemy, it is sac-religious, it is a crime to think about security in that manner. Accept it, it is plain dumb to think about just one aspect of a complex decision like cloud, isolation is anti-cloudism. It is like asking “is travel by car safe”, well it depends on:

  1. Your driver – if he has had five accidents in last week, you better rethink. OR
  2. The make and model of the car – I feel much safer personally if it was a Volvo. OR
  3. The road – I will pass on travel by car in Iraq this year, or decade. Thank you very much.

Don’t ask if the “Cloud is Secure”, dig deeper, look at the cloud provider’s track record, understand the security policies in place, review the third party certifications and audits that they have done. Have they thought about security at all the layers? Are they operating fully redundant, highly encrypted and fortified storage systems? Are they fanatical about physical security of the datacenter assets? What is their disaster recovery strategy? What happens if their vendors go out of business, will your cloud vendor be able to still deliver the data that was backed up on their tape storage? Do they hire people with verifiable and clean backgrounds? How about their application layer security?

I doubt if any enterprise that is not focused on “Cloud infrastructure” can secure your infrastructure as well as the professionals at most leading cloud vendors of the day. That includes your own operations folks too. However well-meaning and capable they maybe, do not expect them to be Batman or Superman of the infrastructure world. Even if you manage to hire the Yoda of security, can he defend you from the Darth Vader of cyber espionage?

You are better off relying on the “highly trained and focused security professionals at leading cloud providers”, why DIY (Do-it-yourself) when you have a DIFM (do-it-for-me) option available in terms of outsourcing your infrastructure. Look into it, I am sure it will be cheaper and definitely more secure.

So next time, a cloudist is in doubt, just clam them and say “In Cloud we Trust”.