Clement Goh, Managing Director at Equinix South Asia
Security is always of special concern to current cloud users and would-be adopters. The consequences of a breach are just too devastating to take a “wait and see” approach. When respondents to the RightScale 2016 State of the Cloud Report listed their top cloud challenges, 29% named security, making it the second-most cited concern. According to a 2016 study by Ponemon Institute, this comes as no surprise as the average consolidated total cost of a data breach would be USD$4 million, or USD$158 per lost or stolen record. That’s not even including the non-tangible damage to a company’s reputation and customer confidence.
With the expected continued proliferation of the cloud and interrelated technologies in 2017, the security challenges of enterprises will be greater than ever before. There’s never been a better time for companies to have sound digital security strategies in place. This is especially so when you consider the new ways enterprises were attacked in 2016.
In a new spin on a classic distributed denial of service (DDoS) attack, the attackers used “an army of hijacked security cameras and video recorders” to flood their US-based targets with so much network traffic that it knocked them offline. As many as a million security cameras, video recorders and other infected devices were used in the assault – prompting fresh concerns about the vulnerability of millions of devices in both businesses and homes connected to the Internet.
Cloud is more secure now than ever – and will only be better
Perhaps as a response, enterprises are beginning to embrace cloud services more than ever because of the advancements in cloud security – amongst other benefits such as increased reliability and scalability. A survey conducted by Clutch last year found that 64% of enterprises consider cloud infrastructure a “more secure” alternative to legacy systems, and 22% perceive security as a top benefit of the cloud.
With cloud services, a significant burden of security updates is taken off enterprises. Enterprises often fall behind on such updates and this opens up major security holes. Furthermore, most cloud services are audited on a yearly basis – more often than most on-premises infrastructure deployments. Cloud-based security also offers 24-hour monitoring, speed of implementation, ease of maintenance, and economies of scale that increase the scope and effectiveness of security programs at lower cost. In fact, cloud-based security services are offered for specialized attacks such as DDoS.
In the same survey, 5% of enterprise respondents implemented security measures beyond those provided by the cloud vendor with more than half of the respondents spending up to USD$500,000 annually on these additional measures.
One example of such additional measures would be the establishment of new, direct interconnection strategy between enterprises and cloud service providers because no connection is as safe as a private connection. Interconnection is the ability to connect in many ways to the many partners, customers, employees and geographies to accelerate business performance. Having a physical presence in a vendor-neutral data center of a multi-national data center provider enables enterprises to privately and directly connect to other key IT stakeholders on a local, regional or global level.
In addition to reducing the “cyber-attack surface”, private and direct connections also eliminate the risks of backhauling cloud traffic to remote data centers via the Internet or over multiple “hops” in a long-haul network. Enterprises can also deliver security services locally, closer to users, data and clouds. Data residency and compliance can be maintained by interconnecting cloud-based services, such as real-time analytics, next to local data - keeping it where it was created.
It’s no longer a ‘cloudy’ road ahead
Cloud security has long gotten a bad rap due to the perception that it’s more vulnerable to cybersecurity attacks, especially when connected to the public Internet. With the current state of cloud and its private connection offering, enterprises choose to embrace the cloud now can rest assured that it wouldn’t ‘cloud up’ in their digital transformation journey. Enhanced security can now be achieved by filling up security gaps in their cloud provider infrastructure and constructing the best, most secure hybrid cloud architecture for their needs.
As such, it’s no longer a matter of whether the cloud is or isn’t secure for enterprises. It’s really about crafting a detailed strategy and architecture that delivers the exact level of security and compliance they require.
With rapid evolving security threats, we feel that 2017 will be the year enterprises finally realise how cloud can be a crucial piece of their cybersecurity architecture instead of vulnerability. In fact, we fully expect cloud to exceed all expectations in this area.
For the LATEST tech updates,
FOLLOW us on our Twitter
LIKE us on our FaceBook
SUBSCRIBE to us on our YouTube Channel!