As a Cloud Service Provider, day in and day out we have been meeting up with prospects and customers to evangelize about the goodness of cloud for their business. One of the main concerns that they always asked, “Is the cloud really safe?”, “Is the cloud secure?”, “Will the Cloud providers like Microsoft, Amazon, Google, AliBaba look at their data?” or “How about compliance?”.
The short answer to whether cloud is safe is “Yes!”.
Here are a few points(based on my opinion) why cloud is safe for your company.
How much do we spend on security anyway?
1. Your Server Room
When we talk about security in our environment, first we need to invest onto security. A typical small-medium business in Malaysia will probably invest on a Firewall as well as ensuring each end-point has an anti-virus software installed to protect their environment. That is the least their IT team can do to protect their company’s environment. The estimated small-medium business owners may spend about RM50k to RM100k to invest in their security systems for a 250 user environment. That is IF the business owners spent on security. In a news article which we picked up, it was reported that SMEs still find it costly and unnecessary to spend on security according to NSFocus, a security firm.
2. A Local Data Centre
i-Tech owns a Data Centre called SAFEHOUSE. We spent almost half a million ringgit in our security investments such as Firewalls, DDOS and Intrusion Protection Systems, and security team to maintain a secure environment for our customers to be hosted in. A typical data centre in Malaysia may spend more or less that budget depending on the capacity of the data centres.
3. The Public Cloud
Do you know that Microsoft invests 1 BILLION in US dollars on their cloud computing security each year? You can read more about it here. Every second, Microsoft adds hundreds of gigabytes worth of telemetry to its Intelligent Security Graph. Microsoft also scans about 400 billion emails for malware and phishing scams each month through Office 365 and Outlook. Not only their security systems fend off attacks, but also has the ability to learn about the attacks to improve on their security.
Which environment do you think is the most secure to host your systems in the comparisons above?
A) Your office server room
B) A local data centre
C) Public Cloud Environment
Who is on the Public Cloud?
If we visit Public Cloud providers’ website like AWS or Microsoft, you will see hundreds if not thousands of notable brands who have already embraced the Cloud. A few examples we can see are the likes of AirAsia, Astro, Malaysian Airlines, GE, Lafarge, iFlix, DBS Bank, Expedia, Universiti Sains Malaysia and many more.
You can see visit the website links below for your reference:
Microsoft Azure Customers
We can be sure that all of these customers are very concern about security of the data, yet they have leverage on cloud one way or another with different case studies to experience Digital Transformation for the business at hand. If the “big boys” are there and have confidence to move their workloads over to the cloud, we too can ride on this confidence to move ours there as well.
What about Compliance?
Let’s go back to the office/data centre/public cloud comparison scenario. A normal SME/SMB most of the time does not have any security compliance. At most probably they have an ISO9001 certification which is not security specific. As for a typical local data centre, they probably have ISO27001:2013 Information Security Management System where they need to comply to all the best practices in handling your Information Systems. There will be RISK Methodology and mitigation, Business Continuity Processes, Physical and Logical Access Controls, etc.
External auditors will have to visit annually to ensure the best practices, security policies and objectives are met to keep the data centre certified. There may be some who are certified by Uptime Institute as a Tier III data centre where they have redundancy from the power sources(2 different grids) to internet connections from multiple ISPs(Internet Service Providers). This makes us proud owners of the Data Centre because we have been certified with 1 or 2 compliance certifications.
If you visit AWS or Microsoft Azure website on compliance, here are some of the things you could see.
In terms of compliance, the public cloud providers have the most extensive offerings compared to what small business and even local data centre has. We can be rest assured, we are on good hands.In conclusion, having a comparison between user’s own server room, a local data centre, and Public Cloud by giants like Microsoft, AWS, Google and Alibaba, we can conclude that it is safe to host your environment on the Public Cloud.
However, if you are still concern with the privacy of your data, some users actual have a Hybrid Cloud where they host their database on-premise and the front-end is hosted on the Public Cloud.