Ever since cloud first arrived on the scene, one of the most common arguments against using it has been security – not knowing where your data is stored, not knowing who has access to your data, and even fears over the activities of “digital neighbours” in multi-tenant environments.
As recently as May 2016, “general security concerns” were named the biggest barrier to cloud adoption in a LinkedIn survey. But is cloud really any more or less secure than other options for off-premises infrastructure such as colocation?
Why cloud may be more secure than you think
In reality, there have only really been a few major data breaches where sensitive data stored in the cloud has been compromised. This is because cloud, contrary to many assumptions, has a couple of inherent advantages over smaller colocation outfits and on-premises infrastructure when it comes to security.
Firstly, cloud providers tend to have the economies of scale to build very big, very secure data centres, with all the right accreditations in place and no expenses spared on their access controls. Using an example close to home, we’ve invested over £1 million in the security of our Manchester data centre (which provides cloud and colocation) which is far more than most organisations would [be able to] spend on an in-house server room.
Secondly, specialist and responsible cloud infrastructure providers are proactive in keeping their platforms up-to-date and patched for security vulnerabilities. For example, modern cloud infrastructure suites allow security management on a global level, which simplifies the process enormously and reduces the chance of legacy and forgotten/orphan hardware/software lapses. Many organisations fail to do this with their own infrastructure, and it puts them at a significantly higher risk of data breaches as a result.
Why colocation still matters
That said, for organisations who want or indeed need to maintain their own infrastructure, colocation is still a great option when it comes to security. They benefit from the most stringent levels of hands-on (or rather, hands-off!) control over their equipment and security measures used to protect it (such as electronic locks and caged areas, which may not be the case with a typical cloud platform) and the option to keep this infrastructure in a purpose-built environment with access controls, CCTV monitoring, and processes and policies to match.
The additional flexibility can also be a must-have when it comes to compliance, and when certain customers of the organisation have very specific requirements for security they expect to be met.
Of course, it’s worth mentioning that many cloud providers will host their cloud infrastructure in equally secure environments, which leads on to a very important factor…
Why you should visit your data centre
When it comes down to it, the best way to tell if your infrastructure is secure in a given data centre is actually to visit that facility. This is a key part of using a colocation service, and most colocation veterans will vouch for the importance of the site visit in their data centre sourcing decision.
With cloud, however, the opportunity to do this is much less common. In fact, it’s highly unlikely with big-name providers such as Amazon and Google. However, some smaller and more specialist providers - almost certainly those that are worth considering working with - should be able to take you into their data centres to show you where their cloud lives, giving you the chance to get a feel for how their facilities are managed and maintained.