Dismantling the Myth of Cloud Vulnerability
A common misconception in the IT industry is that traditional on-premise systems are inherently more secure than those hosted in the cloud. Cloud hosting has many benefits, such as eliminating the time and effort associated with infrastructure maintenance while also providing enhanced security to your organization. In this piece, I’ll focus on the security aspect to relieve any concerns organizations may have about updating to a modern cloud-hosted system. While some of what I’ll cover here is specific to how Info Tech, Inc. provides hosting services, the vast majority is standard across the industry.
Before we delve into standard cloud security practices, let’s talk a little about the perception that on-premise systems provide greater security. It’s understandable; it’s a system your organization controls, and control gives the illusion of security. There’s a sense of safety behind your organization’s firewall, but security at the perimeter does not protect against internal threats. Whether that means a deceptive email that shouldn’t be opened, a disgruntled employee, or a vulnerability created by lack of updates, there are plenty of opportunities to wreak havoc from within.
So what are some standard cloud security practices that make cloud hosting more secure?
Reason #1: Constant Vigilance
A good comparison to the cloud hosting industry is the autonomous vehicle industry. Both are relatively new technologies that are subject to heightened visibility in the public eye. In the same way a self-driving car accident sets back the entire industry, a large-scale security breach of a cloud hosting service could cause major damage to how the technology is perceived. Additionally, the security of cloud-hosted systems is inherently questioned rather than inherently trusted, as it typically is for on-premise systems. For these reasons, security is always part of the conversation and a top priority for cloud-hosted systems, which leads us to the next point.
Reason #2: Hosting Provider Accountability and Expertise
With cloud-hosted systems, accountability for security and the expertise it requires are transferred offsite. Keep in mind that your on-premise IT infrastructure is only as strong as your own IT professionals. Joe in IT is really great, but if he gets the flu and crucial updates don’t get applied as a result, that could spell disaster for your important data. With cloud hosting, you’re utilizing a team of professionals at your hosting services provider who are dedicated to protecting your information at all costs. You’re also protected by public cloud providers like Amazon Web Services that have top-notch physical security and network security, including many built-in features such as mechanisms to prevent Distributed Denial-of-Service (DDoS) attacks.
The Scale of AWS:
- ~2 million servers worldwide
- 51% of the cloud-hosting market
- Active in 190 countries
- 1 million+ customers as of 2016
- A peak of 12.9m requests per second in 2017
Reason #3: Limited Exposure and Access
As I mentioned earlier, on-premise systems are typically highly focused on ingress and egress points to protect from external attacks. That leaves systems open to internal issues. It’s like the human body: it doesn’t matter how thick your skin is. If someone at the heart of your organization clicks a link or opens an email they shouldn’t, everything can fall into chaos. The security philosophy in cloud-hosted systems is usually more holistic than on-premise; access to internal systems, even from other internal systems, is highly restricted.
Going The Extra Mile to Support Secure Cloud-Hosted Systems
Info Tech takes a number of actions to ensure security within our cloud hosting services. These elements aren’t necessarily universal, but the following are the actions we take for added security:
- Thorough Encryption: Everything is encrypted at rest (stored) and in transit (traveling from endpoint to endpoint).
- Regular Updates: Windows often finds potential security vulnerabilities and releases updates to patch them. We apply these patches on a weekly basis as available.
- Minimal Attack Surface Area: The only publicly accessible resources are application proxy servers, which hold no data or applications other than the proxy features. Access is restricted to only the necessary ports and protocols.
- Regular Security Scans and External Audits: We perform quarterly security scans and have an annual security assessment done by an external auditor. We recently earned SOC 2 Type I compliance. More information on that can be found here.
- Backups and Redundancies: While not necessarily a security factor itself, backups and redundancies are vital to recoverability in the unlikely event something does go wrong. We provide regular nightly backups and multiple layers of redundancy that can readily be incorporated into a robust and reliable solution.
Hopefully, this information helps correct the common misconceptions about security in a cloud-hosted system. If you have any additional questions, feel free to reach out to me at marty.provost@infotechfl.com. For more information on Info Tech and hosting services we provide, visit https://www.infotechfl.com/aashto#hosting.