Most data is more secure in the cloud, says Blenheim Chalcot CTO Ridley – www.computing.co.uk

admin on February 27, 2017 Leave a Comment

The list of concerns over adopting public cloud services has changed very little over the last five years. In every survey that Computing has conducted over that period security has come top, followed by issues related to control.

"I totally understand that, although I don't agree with it," said Mark Ridley, group technology officer at venture builder Blenheim Chalcot Accelerate, speaking during a Computing web seminar last week.

"When I first started looking after servers 20 years ago I was loathe even to put them into a managed hosting system. Those were the days of Windows NT when servers would go down all the time and I couldn't stand the thought of not being able to physically reboot the server when I needed to.

"I've had to go through an evolution in understanding security in the cloud," he added.

Ridley maintains that, with a few caveats, public cloud encourages greater security, not only because of the expertise that cloud providers can bring to bear, but also because using their services forces organisations to think about data security in greater detail.

"You have an illusion of control and security and governance by having everything being in one space, but actually you're probably not scrutinising your own organisation in the way you would a third party. The cloud provider is not necessarily a friendly actor, so making sure your data is protected against them can often lead to much higher levels of security than if you manage your own infrastructure."

This doesn't mean that all organisations should start putting sensitive data in the cloud, however. For a start, many do not have the right skills and culture to properly manage cloud services.

"You need an organisational change to use the cloud and some companies aren't ready, so they'd be better off with hosting or a private cloud," Ridley said.

"The organisation needs to change the way it looks at security, and it could be that you simply have the wrong sort of people in your organisation. They could be comfortable with thinking that security stops with the firewall, but that changes completely with cloud."

Another caveat is the type of data you might wish to process and store. For example, US cloud providers are legally obliged to allow US government agencies to access their systems. State interceptions have been shown by the documents leaked by Edward Snowden to be motivated by industrial espionage as well as issues of national security. Intrusive laws are being introduced by other countries too, including the UK.

"When you start looking at the public cloud you have to look at how you protect data from government activity," Ridley said, explaining that this too requires fundamental changes in organisational thinking.

"If I'm dealing with very sensitive data then suddenly I'm thinking how do I encrypt every bit of that data in transit and at rest, how do I manage the keys and do I need hardware key management. Suddenly the way you have to think about security completely changes and the organisation needs to change too."

Overall, though, Ridley believes that for most cases security is improved by moving operations to the cloud, and that proving compliance certainly becomes a whole lot easier.

"If you're selling a b2b service and going through lots of compliance checks it will be easier to say I'm with Amazon or Microsoft or Google and here is my box-ticking exercise'. It will be easier for vendors and consumers to understand the compliance measures in place," he said.

Read the original here:
Most data is more secure in the cloud, says Blenheim Chalcot CTO Ridley - http://www.computing.co.uk

Related Posts
Posted in Cloud Servers

Comments are closed.