Why is the Cloud not secure?

We get this question all the time from our customers and many companies think they can leverage their existing security mechanisms in the Cloud. However, in reality, the Cloud is an entirely different arena. At Crypteron, we often have to remind customers of the security risks of being in the cloud; and to do that we must look at why things are so different in the Cloud.

Traditionally, companies are used to having their own datacenter with their own hardware running only their application. Or perhaps they use a co-location facility (termed CoLo in the industry) with their hardware sitting in a locked cage physically separating their servers and databases from other Co-Lo customers. In this environment, you are not sharing hardware with others and in theory, only you have access to the hardware equipment. This physical separation and physical security isn’t complete in itself but does offer a layer of protection that is otherwise missing in the cloud.

Now, moving to the Cloud, everything is shared. And you own nothing. Not only does the hardware belong to another company (the cloud provider), but that hardware is likely being shared by other organizations too. It is hard, often impossible, to map a 1:1 relationship between physical resource like CPU cores, storage drives, network interfaces etc and their virtual counterparts. It is possible that your data resides on the same physically media as your competitor or another cloud customer currently being investigated by a government agency for questionable behavior. If the government investigation team (eg: FBI, NSA etc) requests a copy of that physical drive, your sensitive data suddenly becomes part of the collateral damage without you ever knowing it.

Even if we leave law enforcement aside, the fact remains that it’s the cloud provider who owns the cloud equipment and you are merely renting it. This implies that there is usually an administrator on the cloud provider’s side who always has access to all resources just to ensure that everything is up and running. This is especially true as we step into the next evolution of cloud technologies via ‘Platform as a service’ where the service provider own not just the physical hardware and the virtualized hardware but also the operating system hosting the PaaS application. So even if the Cloud providing company has no interest in your data, a disgruntled employee from the Cloud provider’s team can ruin your company via data leaks. Worse of all, there will always be someone outside your organization who has access to your Cloud data.

These are just few of the reasons why it is absolutely critical to have data encryption in the Cloud. Very strong encryption! In addition, compliance requirements also make it illegal to operate in the cloud without adequate protection for your sensitive data. That is a topic in itself so we’ll save that for another blog post.

This is why we exist today. Our military-grade, cloud data security solutions ensure that you have the highest level of security so your IT department can focus on the things that actually make your business unique from the competition.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Recent blog posts

Migrating existing live data into Crypteron

You’re already live in production. And you have sensitive in the clear. Read this article to see how Crypteron can help.

Encryption, Entity Framework and Projections

Projections in Entity Framework live outside the entity lifecycle. Read more to learn how your can use Crypteron to secure such data.

PCI DSS and key rotations simplified

PCI compliance requires data encryption keys to be changed frequently. Here is how you can do it easily.

Your data-center is not secure and what you can do about it

There is no secure perimeter anymore. Neither in your corporate network nor in your data center. Fight a winning battle armed with self-protecting data rather than a losing one trying to protecting the infrastructure.

Introducing the Crypteron Startup Innovators Program

Qualifying startups get up to 50% off all plans. Tell us how you’re changing the world and the our Startup Innovators Program will support your journey.

6 encryption mistakes that lead to data breaches

If encryption is so unbreakable, why do businesses and governments keep getting hacked? Six common encryption mistakes that lead to data breaches.

Announcing the new Crypteron Community Edition

Starting today you can now sign up for the Crypteron Community Edition for free with no performance limitations.

Data breach response – One click to save your business

Get breathing room – when you need it the most. Respond to a data breach with a single click.

Why We Need Proper Data-At-Rest Encryption: 191M U.S. Voters’ Data Exposed

Adding security at the application level is a large step forward in protecting data from the constant threat of data breaches

How to encrypt large files

CipherStor is blazingly fast! Here we show how to use it within your data-flow pipeline to maintain high performance when encrypting large files.

Why is the Cloud not secure?

by Sid Shetye time to read: 2 min