The public cloud is not safe – and it's your fault

Keeping it local

Companies increasingly want to keep it local. In the US and other large countries that makes little sense, but in Europe it's becoming a noticeable trend. "There is a clear trend in Europe towards vendors with data centres in the local countries, non-US based vendors or private cloud offerings," says Adelberger. Companies want to know where the data resides, and what security level is provided.

The knee-jerk is to trust on-premises data storage more than public cloud solutions, though the former comes with its own cons. "If the company uses a highly secure firewall, an on-premise solution will likely be quite secure," says Adelberger, "but the disadvantage is not security, but the lack of availability, and the risk of data loss in case of disaster."

If an IT infrastructure gets destroyed, everything that was on-premise is lost. The advice for any company not ready to face the cons of on-premises or of the public cloud are simple – opt for a virtual private cloud.

On-premise data storage comes with its own dangers

On-premise data storage comes with its own dangers

Microsoft's message

Satya Nadella, CEO at Microsoft, insisted recently that his company pumps $1 billion (around £660 million AU$1.4 billion) into security R&D annually, including for its Azure public cloud.

"As a high-profile operation Microsoft has long been a target for attackers, and with the cloud and mobile the baseline for the company strategy, the security stakes are increasing," says Angela Eager, Research Director at TechMarketView. "Microsoft needs to protect its assets and its customers, of course, but the renewed security strategy will also help push its cloud services, especially Azure where acquisitions have been made to bolster security," she adds.

Microsoft is looking to build an Azure Rights Management Service using its recent buyout of Secure Islands (which secures data for UBS, Vodafone and Credit Suisse).

"Microsoft's message is that it can be trusted to do its best to provide protection in a perimeter-less environment," adds Eager, who thinks that the new reality is that the cloud and mobile devices makes every supplier a security supplier.

Staying in control

The fact that the cloud can be used by non-IT-savvy staff is a good thing – that's kind of the point of it. However, it's got to be compatible with the security policies set up by the IT team.

"IT needs to stay in control of company data and its flow," says Adelberger, who recommends using cloud access security broker products. "But still IT needs to make sure that all access from all devices involving company data really go through that solution," she adds. "If not, a company can offer their employees an alternative solution using a private cloud."

If widespread use of Dropbox comes to the fore it's not time for a crackdown by IT, it's time for a rethink.

Demand transparency from any cloud provider

Demand transparency from any cloud provider

Abandon the cloud?

Security concerns are no reason to abandon the cloud, but the public cloud is only secure if a company explicitly makes it so. "There are so many different offerings nowadays," says Adelberger. "Know your requirements, demand transparency from the solution provider and don't risk your business."

However tempting the public cloud may be, the level of security, privacy and service will drastically differ. Companies paying by the gigabyte should be careful, thinks Adelberger, who adds: "There is no such thing as a free lunch."

TOPICS
Jamie Carter

Jamie is a freelance tech, travel and space journalist based in the UK. He’s been writing regularly for Techradar since it was launched in 2008 and also writes regularly for Forbes, The Telegraph, the South China Morning Post, Sky & Telescope and the Sky At Night magazine as well as other Future titles T3, Digital Camera World, All About Space and Space.com. He also edits two of his own websites, TravGear.com and WhenIsTheNextEclipse.com that reflect his obsession with travel gear and solar eclipse travel. He is the author of A Stargazing Program For Beginners (Springer, 2015),