While the mantra ‘cloud first’ is becoming the ‘new normal’ for many organizations, significant challenges remain for organizations making this shift – especially those in regulated industries.
Fonte: 451 Alliance News Report
Cloud computing is changing how IT is consumed. The expectation of cloud is ‘build faster and run better at a lower cost.’ At the same time, the change required, coupled with the complexity and confusion in moving to cloud, represents the biggest IT challenge in decades.
Atop the list of key concerns and inhibitors for cloud adoption according to ongoing 451 Alliance survey data – security is the top inhibitor to cloud adoption.
Security Advantages of Public Cloud
Security encompasses the physical IT assets, availability of services, data governance, data protection and more.
Public clouds, such as Amazon’s AWS and Microsoft’s Azure, are extremely secure because providers have a vested business interest in being as durable as possible.
Advantages of public cloud services include:
· Access to a large pool of skilled experts that identify, contain and eradicate security threats
· Availability of incident response and malware protection
· Performance analysis through security intelligence systems powered by massive compute resources and data sets
· Choice of multiple deployment models and disaster-recovery profiles (e.g., hot, warm and cold)
· Embedded security intelligence in ‘as-a-service’ operations
· Alerts to subscribers of potential hazards and attacks
Public Cloud – A Shared Security Model
Amazon, Microsoft, Google and other hyperscalers have never lost a significant amount of customer data because they are only responsible for providing the platform, not for holding users’ hands.
Contrast this with a private cloud, where enterprises weigh security in balance with other considerations in the overall investment. It’s far more likely that enterprises will cut corners or suffer from security inexperience.
Public cloud providers’ security strategies eliminate as much inconsistency and variability as possible. This includes a clear demarcation between customer responsibilities and provider responsibilities.
Demarcation of responsibility is a key differentiator between public and private clouds.
Hyperscalers have a shared security model that puts this responsibility on end users. Cloud providers can secure the infrastructure itself, but end users are obligated to integrate security measures on their own to protect applications and workloads.
Users can fail by running insecure applications or making poor security choices.
Public cloud providers make their living by removing uncertainty from infrastructure – not from people.
Cloud is a Work in Progress
Most companies are not cloud-native, but as they make the shift to cloud they face challenges that require a new approach to security. It requires a comprehensive, proactive and adaptive threat protection model that is embedded into the fabric of the business.
Every company has its own unique risk profile, which is the result of being in a particular industry or geography. That profile will reflect whatever legacy, organizational, or institutionalized policies and behaviors are inherent to that company.
This ultimately is gating their use (or lack of use) of public cloud.
Views: 16