In early 2017, RightScale conducted its annual State of the Cloud survey and found that companies run 79% of their workloads in the cloud, with 41% of these workloads in the public cloud and 38% in private cloud. Every year the number of users turning to public cloud is increasing. Public cloud has plenty of benefits, but it also carries several risks that organisations need to understand in order to protect themselves and mitigate those risks appropriately.
The public cloud offers users limited control. It is a multi-tenant environment, meaning that a single environment serves many customers or tenants. Because the environment is shared, public cloud customers are not given access to the hypervisor. This lack of access prevents customers from customizing their environment and gives them less control.
Public cloud companies own the hardware and software, enabling them to make changes (low-level changes or big changes) whenever they choose, without consulting their customers beforehand. Public cloud providers also choose the authentication, authorization and access control processes and software. As a customer, your organisation has no control over which methods they use or the procedures governing these methods. If your organisation has strict security policies in place, it may be hard to ensure these policies are followed when using a public cloud environment.
Thinking You're Protected and Not Taking Other Security Measures
Some organisations think they're protected because they're using the public cloud to store their files, and disregard other backup methods or disaster recovery plans. Simply using public cloud storage isn't disaster recovery, nor is it a sufficient backup method. Major providers claim to have redundancy built into their infrastructure. However, we've seen this redundancy fail and systems go down for hours. Having a backup or disaster recovery plan in place is critical to ensure you still have access to your data when your public cloud provider is inaccessible, or when a mistake is made and files are lost. In 2011, Amazon lost some of its clients' data, and in 2015 Google also lost some of its client data. These incidents sadly happen, and relying on your public cloud storage as your only source of data is dangerous. Ensure your organisation has another backup and also utilizes disaster recovery to minimize the impacts.
Lack of Security in Public Cloud
As previously mentioned, the public cloud is a multi-tenant environment. This inherently poses its own security threats, as one flaw in the infrastructure could make the entire environment vulnerable. Multitenancy exploits may allow one tenant or hacker to view all the data or assume the identity of another client. Due to public cloud's security vulnerabilities, your organisation should consider what compliance regulations you are held to, as many have strict guidelines that will affect how you use the cloud.
The public cloud also limits your control. This makes it hard to enforce your security policies once they're in a public cloud environment, and limits your control over authorization, authentication and access control. This creates an additional security risk.
Ownership of the Data
Many are unaware that their public cloud provider actually owns their data. It is best to read your SLA and ensure your organisation holds the rights to your data. Many of the biggest providers have clauses in their contracts stating that the customer's data is their own. This protects them legally and also allows them to create another revenue stream by selling the data. Organisations have a commitment to their clients to ensure their data is kept private. If your organisation is using the public cloud, there are several steps you can take to protect your clients' data, such as crafting an airtight SLA with your provider, only placing non-confidential material in the public cloud, and using a public cloud provider that allows you to retain ownership.
The public cloud can be a great tool. Managing it properly and ensuring you're only using it for non-confidential data is critical to ensuring its safe usage. For many businesses, the best approach is a hybrid one that leverages the best of each model.
Looking For a New Cloud Service Provider?
If you're thinking about switching cloud service providers, consider Cloud Carib. Headquartered in Nassau, the Bahamas, Cloud Carib is a cutting-edge, cloud and managed service provider that offers private and hybrid cloud solutions. If you're looking for tailored cloud solutions from a reliable provider, contact us to speak with a cloud specialist.