Issue link: https://insights.oneneck.com/i/1200933
Chapter 4: Workload Control 29 These materials are © 2017 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited. One exclaims that moving to cloud will solve all your secu- rity woes. The other side decries the state of cloud security, implying that you'd be crazy to move into the cloud. Let's debunk both sides of the security myth. Cloud is more secure than on‐premises! For years, cloud providers and supporters have used secu- rity as an argument for moving to the cloud. After all, these folks say, cloud providers have a financial incentive and the resources to hire only the best and the brightest security minds in the world, and their services, as a result, are rock solid. It's the rare organization that will have more internal security expertise than cloud service providers. And they're right. Cloud providers do tend to have a very strong security posture. They really have to. One of the rea- sons is that cloud providers are under constant attack. With all that juicy data, they're really attractive targets. And, as shared services, cloud providers have to protect more heav- ily from external threats, as well as those that originate inside their networks. On‐premises is more secure than cloud! For those that are on‐premises, part of the reason is often security. The feeling is that the company can do better on its own than trusting some cloud provider that doesn't have a vested interest in the company. The problem is that, although cloud companies may not necessarily have direct vested interest in your security, they do care about their reputation and what happens to their customers overall. The other point to consider is that commodity public cloud does not necessarily disclose all security layers, and for some industries there are very specific security protocols that must be supported. Often, it's easier and cheaper for these specific workloads to reside in an environment in which the customer maintains an end‐to‐end security solution.