Accessing and using the cloud for business operations has become essential for modern enterprises. Companies use the cloud regularly to manage networks, software, analytics, data, and to perform many other vital business services. But although “the cloud” has revolutionized data management and has accelerated digital transformation, it still raises some security and regulatory concerns. Use this guide to learn more about cloud capabilities, the security risks it poses, and the options available so you can decide which “cloud computing” approach is best for you.
What is the cloud and how to do organizations use it?
The cloud refers to a network of remote servers located throughout the world that interconnect via the internet, creating a single, digital ecosystem. Like individual storage units at an off-site rental facility, the cloud serves as virtual storage units that manage data and provide space for hosting software and platforms. For years, organizations had to invest in physical servers to store and manage their digitized information. The cloud allows companies to downsize their on-site storage capacities while still maintaining a high level of security.
More and more businesses are recognizing the value of using a cloud-based system over traditional data management solutions. It can enhance workplace productivity and efficiency. It enables better real-time communication between employees and customers. It’s typically more affordable with more predictable costs. Its improved flexibility and agility are attractive features for those looking to undergo their own digital transformation. It’s for each of these reasons that some have predicted that 92% of workloads will be processed by cloud data centers by 2020.
Types of Cloud Computing
How you use the cloud, and to what extent, greatly depends on your business. There are three different types cloud-computing services that businesses use regularly. While most businesses utilize combinations of all three, nearly all businesses use at least one type as part of their normal operations:
Infrastructure as a Service (Iaas):
Users obtain access to computing infrastructure like servers, storage and hardware through the cloud.
Examples: Amazon EC2, Windows Azure, Rackspace, Google Compute Engine.
Platform as a Service (Paas):
Virtualization technology that provides users access to operating systems, programming language execution environments, databases, web servers, and the like.
Examples: AWS Elastic Beanstalk, Windows Azure, Heroku, Force.com, Google App Engine, Apache Stratos, OpenShift, Magento Commerce Cloud.
Software as a Service (SaaS):
Software companies provide access to proprietary software via a web browser.
Examples: Adobe Creative Suite, Microsoft Office 365, Salesforce, Constant Contact.
Deciding which type of cloud-computing service works for you depends on your business goals and requirements. Cloud-based services offer many benefits, but they also present security concerns. After assessing their needs, organizations must then consider whether to use a private, public or hybrid cloud infrastructure.
Pros and Cons of Public and Private Clouds
In the past, organizations would purchase on-site storage servers to house their data. As their storage needs grew, they would buy more storage and servers to meet demand. The cloud removes much of this hassle and burden. However, storing data on-site provided the highest level of control. Private cloud systems offer a similar level of security, but without requiring so much on-site infrastructure. These differ from public cloud systems, in which you share space and resources with others. Dropbox is a good example of a public cloud.
| Type of Cloud | Pros | Cons |
|---|---|---|
| Public Cloud | More cost effective than private cloud | Less control over data management and security |
| Secure environment (dependent on the Cloud Service Provider you choose) | More inherent risks than private cloud since it resides on internet | |
| Better agility, elasticity and scalability than traditional on-premises storage | Great security risks from “phantom IT” rogues – internal personnel signing up for public cloud services without IT approval | |
| Private Cloud | Resides inside the organization’s infrastructure | Requires in-house expertise and resources to maintain infrastructure |
| Best suited to environments handling highly sensitive data | Need to manage security protocols in-house | |
| Gives organizations full control and greater degree of security | Higher degree of cost and complexity |
- Public clouds offer services and share resources via the internet
- Private clouds offer services to select users over a private network with some on-site infrastructure
- Hybrid clouds services divided between public and private clouds to maximize space and scale computing services faster
Why is cloud security important?
It’s hardly news anymore that the risk from data breaches continues to increase – it’s now a $2 trillion industry. As organizations move more of their services online and within cloud-based systems, they expose themselves to security risks. For this reason, organizations must prioritize maintaining security within their cloud systems.
Good management is critical to good cloud security. Visibility and monitoring are key to securely running any cloud environment. So, just as you install security to protect your physical premises, your data deserves that same level of care. You need cloud security tools that monitor and protect the flow of information in and out of your cloud systems.
Our latest Data Breach Investigations Report found that hackers gained access to credentials in over half of recent breaches via cloud-based mail servers. Risk-based cybersecurity requires a comprehensive assessment of threats facing an organization. Organizations must monitor all movement in, out of, and within their environments. A 360-degree view and round-the-clock monitoring allows you to respond swiftly and decisively to cloud computing security threats and anomalies.
Don’t forget good governance, either. Access to sensitive data such as personnel records and trade secrets should be restricted to only the users who need it for their jobs, whether the data resides in a public or private cloud. Read our Cloud Security Threats Insight article for more insights.
How Verizon can help
Cloud-based technology holds a lot of potential for organizations. We can help you review your current workstreams to find the cloud-based services and infrastructure that will work best for you. Our cybersecurity experts can help you address any concerns you have and support security program integration across your enterprise—inside and outside the cloud. Start by reading our CISO’s Guide to Cloud Security.
Our Secure Cloud Interconnect solution offers you peace of mind as we help you connect your multiple clouds, securely and reliably. It connects you to our global ecosystem of leading Cloud Service Providers (CSPs) via our Verizon Private IP Multiprotocol Label Switching (MPLS)-based VPN network. Our Secure Cloud Gateway solution delivers a secure, cloud-based, distributed web gateway that protects users, apps and data on any device, while maintaining performance.
Verizon has helped many complex organizations manage the security of their cloud-based systems. Learn how Verizon helped Astellas Pharma Inc. improve operational efficiency while maintaining tight security.