Skip to main content

Security in the cloud: myths and realities


The several high-profile data breaches in the past few years have definitely ratcheted up companies’ attention to securing and safeguarding their data. This, of course, isn’t news to cloud providers. After all, it’s their business to protect customers’ data. Yet myths persist when it comes to cloud and security, and that needlessly complicates companies’ decisions about moving to the cloud. So I’d like to take a few minutes here to dispel five prominent myths so you can make more-informed decisions about the role of security in your own journey to cloud.

#1: "Cloud is inherently insecure"
This is probably one of the biggest and most stubborn myths about the cloud. Cloud providers take security extremely seriously. They have to—otherwise, they’d have no business. Plus, they’re subject to myriad regulatory bodies and compliance requirements. They employ dozens of different security frameworks and controls—many more than the typical company uses in its own facilities. The fact is, data in the cloud is likely more secure than that in the average company’s data centers.

#2: "There are more breaches in the cloud"
Another myth, related to the first one. Just because the cloud environment is “out there” doesn't mean that it experiences more breaches. Many more security tools are available today that didn’t exist before, and cloud providers (as well as Accenture) use them to put up the best defenses possible against the bad guys looking to exploit vulnerabilities.

#3: "It’s critical for me to have physical control of my data for it to be secure”
This isn’t true. Top-notch data security hinges more on who has access to data rather than the extent to which you can “touch and feel” your servers and disks. This means it’s critical to set up the right encryption and controls for the right sets of data to ensure only those who have permission to use that data can access it.
Top-notch data security hinges more on who has access to data rather than the extent to which you can “touch and feel” your servers and disks

#4: "I can easily use my current security tools in the cloud"
I get asked this a lot: "Can I bring my tool sets that I'm using in my data center over to the cloud?" The answer is no. Some of those tools will work. But because they're built for a data center, most won’t be able to deal with cloud-specific concerns, such security groups being able to be changed on the fly, and rolling out application code without going through a DevOps security process.
#5: "Security maintenance in the cloud will be really complex and different"
False. While the specific tools are different, all of the best practices and operational procedures for security maintenance you had in place before moving to the cloud can still be used to monitor and maintain security in your cloud environment. They will just need to be tweaked somewhat.
Image
No doubt, security in the cloud is a big deal. That’s why Accenture has made security a foundational element of our cloud management platform, Accenture Cloud Platform (ACP). ACP enables clients to manage security through a single control plane instead of using multiple tools.
Advantages of a single control plane to manage security:
  • Visibility to the entire cloud estate
  • Make sure resources are securely configured
  • Track who's doing what
  • Receive alerts on non-compliant activities
  • Deal with specific incidents or issues
A cloud management platform should be based on a set of security standards and security best practices that cover the full range of controls necessary to create a secure environment. And with PCI- and HIPAA-compliant blueprints, organizations can deploy a complete environment that will pass a PCI or a HIPAA audit. Finally, organizations should be able to automate the deployment of a full range of key security activities. These include identity and access management, authentication, web application firewalls, security configuration monitoring, and threat and vulnerability management.
Companies certainly face a lot of questions when moving to the cloud, and many will encounter obstacles along the way. But with the robust tools and practices now available, security shouldn’t be one of them.

By: Charles Radi
      Global Managing Director & Chief Information Security Officer (CISO) 
      Accenture Cloud Platform

Popular Posts

Life at Finetech - Episode 2 - Support Engineering

Transform item advancements into key customer arrangements. The foundation of Finetech prosperity, the record directors, specialists, administrators, and experts in these parts are altogether devoted to first rate customer support. 

In the case of consulting with 300 organizations around Sri Lanka and abroad, explaining specialized difficulties for independent companies, or surfacing item advertisements in simply the correct place, we grow new business openings while expanding the utilization of our item offerings.

Finetech Support Team , is playing an important role in the field of business.Lets hear about the experience of the Support Engineering team.

This is Chamathka Fernando , Renewal & Customer Support specialist at Finetech.

7 years of previous experience while achieving a Degree in Business management , HND in Human Resource Management  ( University of Dublin)  and HND in Marketing. She is also an Old Bridgateen with passion and well known for undertaking and consulting the e…

Life at Finetech - Episode 4 - Software Engineering 1

In the case of consulting with 400+ organizations around Sri Lanka and abroad, explaining specialized difficulties for independent companies, and providing with significant solutions, we grow new business openings while expanding the utilization of our item offerings.
Finetech Software Team, is playing an important role in the field of business. Lets hear about the experience of the Software Engineering Team.
The team is crushing it — the road-map is clear, features are taking shape. The product manager is happy with the progress. Engineers are excited about their tasks upto now. Maintaining that rhythm is the first pillar of the tech lead’s job. Lets hear the story of Tech Lead @ Finetech.
Raminda Dayananda- Tech Lead



5 years of experience while achieving a Bsc Degree in Management and IT from University of Kelaniya, He is also an old Maliyadevian with passion and well known for undertaking and leading the software engineering team at Finetech.

Let's hear what Raminda says,

" It …

Life at Finetech - Episode 5 - Software Engineering 2

In the earlier article it was only about one fourth of our software team, today’s interview is about few more people .The team of Jagath, Chamini, Kalana, Chamath & Ajantha, is playing an essential role to make sure the software team is going. Also the contribution they make cannot be measured.

Jagath Priyashantha - Software Engineer

Jagath has completed his BSc in (Software Engineering) at Java Institute while achieving Diploma in BIT, Graphic Designing (IBTS), Professional Certification in Java Technology at Java Institute. Jagath is a product  of St. Peter’s College, Negombo.

Let’s see what software engineer "Jaga" has to say,

As a software engineer, I work in a constantly evolving environment, due to technological advances and the strategic direction of the organisation. We create, maintain, audit and improve systems to meet particular needs, often as advised by a systems analyst or architect, testing software systems to diagnose and resolve system faults.

To do all this…