A decade or so ago, cloud computing was the hot topic in IT and related business circles. As with any emerging technology, people were sceptical and suspicious, and they had lots of questions about how the cloud worked, whether it was right for their organisation, if their data was protected, and so on. As time passed, people became increasingly comfortable with the cloud and began to capitalise on its potential.
One major benefit of the cloud that was understood in its early years is that enterprises can leverage it to get their applications up and running faster, with more manageability, more scalability, less maintenance, and fewer IT resources. Yet despite this recognition — which helped propel the cloud industry beyond the $100 billion mark in just 10 years — there are still lingering misconceptions about deploying applications in the cloud. The most talked about misconception being that the cloud is a less secure place to deploy applications than deploying them in a private, on-premises data centre. There are reasons why some people still think in this way.
While this myth is not grounded in empirical evidence, people connect logically with the idea that things that are under their direct control are more secure than things that someone else controls — in this case, cloud providers. Many enterprises still invest heavily in their own data centres because they believe that running their sensitive business logic and placing their sensitive data in the public cloud means that others — whether rogue employees of the public cloud or other malicious actors — will have an easier time stealing their crown jewels. This train of thought is understandable.
The reality, however, is that the vast majority of the evidence proves the complete opposite. Most of the major system hacks and data leaks in the past few years have not been on data or business logic in public cloud deployments. With the occasional exception of misconfigured public storage buckets, almost all data leaks happen on infrastructure and software managed internally by enterprises, not by cloud providers. But even when presented with this information, the myth of applications being less secure in the cloud continues to hamper business and its subsequent growth.
By not deploying their applications in the cloud, enterprises are missing out on immeasurable advantages. There are obvious cost reductions for most businesses in moving away from owning and operating data centres. There is also significant business value in the flexibility that the public cloud offers enterprises. Public cloud providers significantly reduce the friction, time, and cost of building new functionality and applications, especially complex solutions that employ cutting-edge technologies such as data science, machine learning, artificial intelligence, and blockchain. So how can the misconceptions be redressed.
The industry is working hard to educate the masses in this area, but more efforts are required. Validated use cases for regulated sectors such as banking and healthcare are needed; simplification of certifications when building on trusted public cloud building blocks can help as well. Most importantly, a clear blueprint of what cloud-native application security is, and what it enables, is critical so that enterprise customers can have confidence that they are using the right tools and processes to avoid risk.
Additionally, the shift to more cloud-native application technology stacks — such as the move to serverless applications — can accelerate this process to improved application security. Enterprises deploying sensitive serverless applications that have adopted the right approach to minimise risk and maximise security are finding these applications to be the most secure applications they are operating.
Whether an enterprise is using it to deploy applications or store data, the cloud — believe it or not — is simply more secure and more reliable than in-house servers. Like any other decision when it comes to adopting new technology, enterprises should do their homework when selecting a cloud provider, understand what they're offering, what their assurances are, and how they provide security. Once your enterprise makes the leap to deploying applications in the cloud, you'll wonder why it took so long and why you were so worried. The cloud options that are out there with an array of configurations at varying prices depending on your needs.