Cloud computing offers lots of benefits, but improved security is not one that makes many IT lists. In fact, many -- perhaps even most -- IT pros still believe that cloud computing means a huge step backward in terms of security risk.
That doesn't seem to be the case. About 10 percent of our workloads now run on public clouds, and so far, so good.
Why? Ironically, partly because IT has been so paranoid about public clouds that it spent time and money to implement advanced security approaches such as identity and access management and to be more proactive about security measures.
Moreover, public cloud providers themselves understand the importance of security. If they get one cross-tenant hack, they are done for. Thus, providers consistently and proactively update security systems. Most enterprises would like to do the same, but they don't have the time or the budget, which leaves them comparatively more vulnerable.
These factors lead me to the conclusion that the best-secured systems are on public clouds. Sorry, but that's where the facts lead.
As a result, four factors have come together to make cloud security overall better than the usual on-premises security:
- The centralized model of the public cloud means that updates can be easily applied to proactively deal with threats.
- Because IT is paranoid about the cloud, it has invested to make it more secure than what's usually done on premises.
- IT and providers usually deal with cloud security using identity-based approaches, which are typically more effective than traditional security approaches.
- We start from a blank slate when it comes to cloud security, which has let both IT and providers be more innovative and more effective.
An unexpected advantage of the move to the cloud is that security practices and approaches everywhere continue to improve, not only those that touch the cloud. That's good news.