{"id":2806,"date":"2016-04-19T14:18:39","date_gmt":"2016-04-19T14:18:39","guid":{"rendered":"https:\/\/devbloglavaprotocols.nityo.in\/cloud-security-so-are-we-secured-or-not\/"},"modified":"2016-04-19T14:18:39","modified_gmt":"2016-04-19T14:18:39","slug":"cloud-security-so-are-we-secured-or-not","status":"publish","type":"post","link":"https:\/\/www.lavaprotocols.com\/the-cloud-blog\/cloud-security-so-are-we-secured-or-not\/","title":{"rendered":"Cloud Security: So Are We Secured (or Not)?"},"content":{"rendered":"
<\/div>

The recent Panama Paper scandal has left many organisations wondering if their level of security is adequate<\/strong><\/span><\/p>\n

<\/p>\n

During Lava\u2019s early days, a good three to four of the initial meetings were spent educating prospects about cloud technology before we could delve further into the product offerings itself. This was partly due to the lack of clarity on how the cloud operates but more importantly because the security and safety of data on cloud had to be addressed in great lengths.<\/span>
<\/span>
<\/span>Today, whilst questions are still raised, it is seen more as a required checklist to be crossed-out by the vendor versus genuine worry or doubt in the security capabilities of trusted cloud providers. <\/span><\/p>\n


Related<\/strong><\/span>:\u00a0The 60 Second Data Security Checklist<\/a><\/p>\n


<\/span>A personal opinion on this is that cloud security is one which is being confidently overlooked unless you\u2019re in the financial sector, government sector (where sensitive and confidential data is involved) as well as GLCs (government-linked companies) from certain fields where cloud is only just being explored (largely adopting a wait-and-see approach to its GLC counterparts).<\/span>
<\/span>
<\/span>It is interesting to note some of the concerns that have been raised with regards to cloud security. Here are two of the most frequently asked questions<\/strong> that have been raised across customer meetings, marketing events, and inbound query calls:<\/span><\/p>\n

\u00a01. External<\/strong><\/em> threats via the internet are a bigger threat on the cloud vs the IT infrastructure located within your own backyard.<\/i><\/b><\/i><\/b><\/span><\/p>\n

Security threats are certainly a concern with the Cloud Security Alliance quoting data breaches, account hijacking, insecure APIs and denial of services being some of the issues. These are known threats which require continuous up-to-date prevention initiatives. <\/span><\/p>\n

However, whilst the threats on the cloud are real, the level of scrutiny for detection and protection that needs to be taken by a hosting provider or on one\u2019s own infrastructure is similar to that which is required for a cloud infrastructure. <\/span><\/p>\n

Considering the volume, experience and coverage of true cloud infrastructure providers such as Google and Amazon, simple <\/span>cost + effort & benefit<\/i><\/strong> comparisons should easily drive security choices in favour of the cloud.<\/span><\/p>\n

Google for example shares that it protects customer data in-transit over the internet with SSL encryption. Its admin and security controls passed a ISAE 3402 Type II audit and they are the first cloud-based messaging and collaboration suite to achieve US FISMA (Federal Information Security Management Act) certification.<\/span><\/p>\n

Two years ago, Google raised their bar even higher in their efforts to step up on security. Besides creating new security teams, their engineers discovered and helped fix vulnerabilities like Heartbleed and Poodle, and took a series of concrete steps to \u00a0increase the security of their customers\u2019 information by:<\/span><\/p>\n