Secure Your Applications in the Cloud
This post also appeared in The Tennessean, where Concept Technology has a bi-weekly feature in the Business section.
More and more businesses are taking advantage of cloud applications such as Salesforce, Basecamp and ZenDesk to handle any number of business operations.
When your employees start using Basecamp, for example, to manage a complex project, they are essentially moving your company’s data out of the traditional enterprise system and into the public cloud. This move may leave business owners wondering: Is my data less secure?
Cloud applications that are favored by big enterprises exist in very carefully managed environments, and the companies that own these applications have a deeply vested interest in protecting them against attack.
Further, since these cloud applications are high-profile, they get attacked all the time, so their infrastructures are continually battle-tested. Take, for example, the customer service and support application ZenDesk, which was breached in February. Hackers stole email addresses and email subject lines from three of the company’s highest-profile clients: Twitter, Pinterest and Tumblr.
While the security of ZenDesk’s application was compromised, the company identified the attack, found a solution, patched its system and notified its clients extremely quickly.
Our company uses ZenDesk, and we heard about the breach from ZenDesk support before we even read anything about it in the news. We’re very pleased with ZenDesk’s response to this incident and its full disclosure to its clients and the public. It showed that the company was on the ball and proved its interest and attention to securing its applications.
Contrast this against many small and medium-size IT departments — and even enterprise IT departments — where the folks in charge of securing an organization’s Web application infrastructure are not security specialists, they’re generalists.
In most instances, these individuals are network administrators who have also been asked to support Web applications, and as a result, they are more likely to make mistakes within their environments that could compromise security in the case of a direct attack. When breached, they also will probably require more time to identify and fix the crisis.
Additionally, enterprise security breaches are much more likely to occur through seemingly innocuous ways: a disgruntled former employee leaves with a USB drive of data or a laptop is stolen out of an employee’s car.
In 2012, an Alert Logic report found that data, whether enterprise or cloud, has equal chances of being attacked when attacks are opportunistic in nature. So, the question stands: Is your data safer within your enterprise or in a public cloud?
Well, it depends on the type of data.
There are no-brainer cases, such as if you’re a software developer, you wouldn’t want to host the source code to your application on GitHub, a code-sharing cloud application. If you have data that falls under compliance standards such as HIPPA, where you have to demonstrate that you control access to that data, the cloud wouldn’t be the best place to store that information, either.
For most other types of information, even though the knee-jerk reaction in a lot of organizations is to believe that the data is less secure in the cloud because you’ve lost control over that data, the reality is a bit more complex.
There’s a difference between feeling insecure and actually being insecure.
If you’re working with the 800-pound gorillas of the cloud application market, you can have a lot of confidence in how seriously they take the security of their systems As long as you can deal with loss of control over your raw data, it’s a good bet that the security within these cloud applications is stronger than your traditional enterprise system.