How Well Do You Know Cloud Computing

Perception is not always the same as reality, and this is especially true in the sometimes nebulous world of cloud computing.

While states and localities are rightfully bullish on the technology and it has quickly spread through government, many misconceptions still abound. Learning more about cloud computing can help IT leaders make informed decisions about how best to deploy these services in their organizations. Read on to separate myth from reality.

1. Moving to the cloud shifts responsibility for security to service providers.

This is mostly false. The cloud definitely changes perspectives on security, and responsibilities and capabilities change as well.

The greatest security gain comes through Software as a Service models. SaaS providers handle all low-level security such as network, operating system and middleware. This gives some organizations a level of security that they might not have been able to afford before, such as protection from distributed denial of service (DDoS) attacks. However, internal IT departments are still responsible for the application and human layers.

If an employee succumbs to a phishing attack and gives up his password, no network intrusion prevention system (IPS) is going to keep his account secure. Configuring applications properly and teaching users about good information security hygiene remains the organization’s responsibility.

And with Infrastructure as a Service and Platform as a Service cloud models, the responsibility is even greater. IT managers are still responsible for security, and with IaaS and PaaS, this is harder to accomplish than in their own data centers. Network managers who are used to easily deploying security appliances, such as firewalls, load balancers, proxies, intrusion prevention and data leak protection, will find they don’t have the same configuration options in someone else’s highly virtualized data center. Service providers may have basic firewall, IPS and DDoS protections in place, but traditional enterprise security controls are usually do-it-yourself measures.