Cloud security

The Cloud is Both More and Less Secure than you Think

August 12, 2014 by Debra Littlejohn Shinder

At the beginning of this year, an Intermap poll found that cloud security is still a major obstacle to cloud adoption, with 40% of respondents still wary of going to the cloud for that reason, although many experts, such as the panel at the most recent RSA Conference, say that cloud security concerns are overblown. What’s the real story?

With all the big technology companies pushing cloud services – in which they have a vested interest – to their customers, it’s understandable that businesses are unsure about whether tech industry professionals are giving unbiased opinions or just thinly disguised sales jobs.

The good news is that surveys also indicate that those who have already transitioned to the cloud are less likely to have security worries. That could mean they’re justifying their decision – or it could mean that as with so many things in life, it’s fear of the unknown rather than real danger that is behind the apprehension about the cloud.

Certainly it makes sense to look before you leap. High profile security breaches, such as reports in January of this year that hackers were collecting data from thousands of LinkedIn accounts using Amazon’s data center systems, don’t inspire confidence.

Speaking of unknowns, one big problem with the cloud is that in many cases you don’t even know where your data is stored, much less how and by whom it’s being handled. It’s hard to hand over mission-critical and sensitive information to an undefined “someone” in an “undisclosed location.” Another presentation at this year’s RSA was entitled The Security Staff and Skills Shortage is Worse than you Think. Companies are wondering just how that shortage might affect the cloud providers and their ability to protect the data entrusted to them.

Of course, it’s reasonable to assume that companies such as Google, Microsoft and Amazon, which often make the lists of best companies to work for, have the resources to attract the best in the business. These behemoths also have the means to pour much more money into securing their operations than the average business, so that expertise plus technological and physical security assets can make it far more difficult to penetrate a big cloud data center than an on-premises network.

In fact, the reason cloud providers don’t publicly release the locations of their data centers is for better security. In my multi-part article on Your Office in the Cloud,I go into detail about some of the advanced security measures that Microsoft and Google have implemented at their data centers.

The other side of that coin is that precisely because there is such a wealth of data stored in these centers, they make a very attractive target for hackers who might never bother trying to break into the average small or midsize business’s network. Sure, that’s just a form of security through obscurity, but it’s one of many considerations when assessing the real risks of cloud vs. on-premises security. And there is no way around the fact that when data travels across the Internet, it’s exposed to more (or at least different) risks than when it sits snugly on a hard drive somewhere on your premises.

In the end, the cloud is neither as scary as the doubters fear nor as super-secure as the providers would have you believe. The truth lies somewhere in between. Much depends on which cloud provider you select and in some cases, which of the provider’s plans you choose. Navigating the burgeoning cloud provider landscape can be a challenge even for the technically astute, since this is a whole new ballgame for many of us. The first step is to understand how cloud computing works and the second step is to learn what criteria are important and how to decipher and negotiate the best service contract. Toward that end, you can check out my series on Selecting a Cloud Provider over on

Posted: August 12, 2014
Debra Littlejohn Shinder
View Profile

Debra Littlejohn Shinder, MCSE, MVP (Security) is a technology consultant, trainer and writer who has authored a number of books on computer operating systems, networking, and security. She is also a tech editor, developmental editor and contributor to over 20 additional books. Her articles are regularly published on TechRepublic's TechProGuild Web site and, and has appeared in print magazines such as Windows IT Pro (formerly Windows & .NET) Magazine. She has authored training material, corporate whitepapers, marketing material, and product documentation for Microsoft Corporation, Hewlett-Packard, DigitalThink, GFI Software, Sunbelt Software, CNET andother technology companies.