The trend started early this century when cloud applications such as Salesforce, Google Apps and NetSuite gained attention. During the 2010s, usage blossomed as organisations adopted a ‘cloud- first’ strategy and made use of platforms like Amazon AWS, Microsoft Azure and Google Cloud to test and run services.
Now, in the 2020s, businesses are harnessing their existing cloud investments, formalising multi- cloud and hybrid cloud strategies, and clawing back control via consoles that offer visibility and manageability over increasingly disparate infrastructures.
Today, the question being asked is more likely ‘why not cloud?’ than ‘why cloud?’ It’s become default deployment mode for new IT, however this doesn’t mean that it carries no risk. In tandem to this pace of IT change has been a rapidly evolving cyberthreat landscape that now can undermine security on every infrastructure imaginable.
The cloud is not bullet proof
Cloud computing is mushrooming and we’re entering a new era where tactical investments are becoming strategic. Organisations now depend on cloud services, even if users don’t realise where their data is residing or travelling at any given point in time. They are happy in the belief that their data is somehow safe and looked after by the internet and cloud giants. However, there is one big question: what happens when it all goes down?
Cloud services are certainly not immune from outages, hacking, acts of God or worse. During 2019, Office 365 Exchange Online went down, shortly followed by other Microsoft services. Then there was Google Gmail and Drive, Azure, Google Cloud, Salesforce, AWS and more consumer platforms such as Facebook, Instagram, and Apple Cloud. If these mega-forces can go down, anything can, so we need to have a plan to rapidly restore when the worst-case scenario strikes.
The truth of the matter is that cloud security is a shared responsibility. In an effort to educate cloud customers on what's required of them, cloud provider giants have created a cloud Shared Responsibility Model (SRM).
In essence, the SRM denotes that customers are responsible for protecting the security of their data that resides in the cloud, just as they are responsible for it on-premises. Customers are wholly responsible for protecting the security of their data and identities, on-premises resources, and the cloud components they control.
Security for the cloud
What’s therefore required is a web-scale design that can consolidate workloads, data, and apps onto one platform for recovery. This moves companies away from being vulnerable to a single point of failure and makes their overall infrastructure more resilient. Today, having a recovery backstop for if (or when) your cloud service provider has an outage is important for both business continuity and regulatory governance.
The conversation around securing enterprise data and infrastructure has inevitably shifted with cloud services arriving and maturing, and has now moved on. How a customer manages their data both on-premises, in the cloud and the edge and the subsequent protection dictates the success of their IT strategy.
It’s important to consider the implications of a cloud outage well before such an event occurs. Failure to take pre-emptive steps could result in significant business disruption and a major hit to the bottom line.
Making use of cloud resources is a powerful choice for organisations, but they need to remember that they can’t also outsource responsibility for security. How would you fare if your cloud provider went dark?