Security in the Cloud

Being in such a highly regulated, information-driven industry, it’s understandable to be apprehensive about moving your data to the cloud. In fact, there are many statements surrounding cloud security that make the idea seem unappealing in some cases and dangerous in others. Unfortunately, with how often the same few rumours are repeated, they can feel like fact. Often, these ideas couldn’t be further from the truth! 

Here, we look to investigate claims made around cloud security and hope to dispel some of the more common myths. 

The Cloud 

Whether you are looking at Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), or Platform-as-a-Service (PaaS) offerings, there are benefits to moving to the cloud. 

With a cloud solution, your system can be scaled more easily to fit business growth, and the ability to easily configure schedules when the systems are operational. This also lends to operational cost savings when compared to on-premise solutions. 

Whether your users all work from a single location, or many, simultaneous synching allows them to work with and share documents in real-time. As well as the benefit of improved collaboration, this allows an increase in data quality by reducing the risk of duplication. Efficiency is also increased, as users can work concurrently rather than needing to work individually and then obtain feedback. 

Here, we will focus on SaaS offerings and how the cloud can benefit your business from this perspective. 

What do we mean by cloud security? 

The first step to knowing whether the cloud is secure is knowing what we mean by cloud security. It’s simple enough to understand that any cloud systems – like any on-premise systems – need to be secure against all kinds of breach possibilities, from malicious hacking to accidental leaks. More specifically, it’s how the cloud is secured, whether this is built-in protections – such as firewalls – or implementing policies like data management and collection. 

Gartner defines cloud security as “the processes, mechanisms and services used to control the security, compliance and other usage risks of cloud computing.” 

With this in mind, it’s easy to start to compare cloud and on-premise security requirements. So, let’s take a look at a few commonly believed cloud security rumours.

On-premise solutions are more secure than cloud  

This is a big one, one we hear every day, and the truth is far less black-and-white. 

To start, cloud providers build their business around data storage. It’s in their best interest to ensure their platform is as secure as possible to maintain their business credibility and client base. It is the responsibility of the cloud provider to ensure data security, and so they invest time and money into testing – such as penetration tests and engaging ethical hackers – to find vulnerabilities and resolving these issues. 

 In contrast, on-premise security is the sole responsibility of the owner of the hardware. All of the time and cost involved in securing your data falls to you, whether this involves in-house IT or engaging a third party. 

There is no definitive answer to which is more or less secure, only how diligent the responsible party is in maintaining that security. Before investing in any platform, it is up to the consumer to ensure they have conducted all their due diligence and are satisfied with the result. 

Business Continuity Planning is more difficult with cloud 

Quite the opposite, in fact. With the ability to access data from anywhere, anytime, and on any device with access to the internet, users need only login to their account to resume working in the event of an outage or other disaster. Using DMS such as SharePoint also decreases the time needed to get back up and running, as your file structures are also stored in the cloud and there is no need to go searching for documents – they’re all exactly where they should be. 

This particular myth is quite damaging to businesses as well. Research₁ has shown that most enterprise data centres are expected to move to the cloud by 2025. With this move, traditional security and recovery approaches, such as those used for on-premise solutions, will not be able to keep up with the changes or the scale required. So, by perpetuating this myth, many businesses aren’t adopting cloud recovery methods to the timescale required to keep up with business and technology changes. 

As with security, you need to ensure you are conducting proper research before signing with a cloud provider. In this case, make sure to ask about data retention policies, backup policies, and how access to this data is managed. Engage with IT for this as well, whether internal or a third party, to ensure the offering is suitable for your business. 

Cloud is more expensive 

Over a period of 5 to 10 years, implementing a cloud or software-as-a-service solution can save businesses 15-30% of their annual software spend, including operational cost savings₂. While the initial implementation and license costs may seem daunting, over time your cost savings could not only bridge that gap but surpass it. 

 If you have only recently invested in an on-premise solution, it is understandable that you would be reluctant to move. Keep in mind, however, that the recommendation to replace on-premise hardware is every 3-5 years. On-premise solutions will be a constantly increasing and fluctuating cost, which would also include risk – such as breaks and damages to the hardware – and tech debt from delays in replacing outdated machines and components. 

 When looking at SaaS solutions, users will require no more than a license, a laptop (or desktop, if you prefer) and an internet connection.  

Cloud is more complicated 

Even with on-premise solutions, most businesses use – or are at least familiar with – the Microsoft Office suite. Microsoft Excel, SharePoint, Outlook, Power BI, and more have become so familiar to users that it would be more peculiar to enter a workplace without these programs. When looking at a SaaS solution, cloud makes the most of these programs, giving you the opportunity to get the most from the software you buy. 

 “Cloud is also complicated because cloud is powerful” says a 2021 Forbes article₃. 

 While they are right in one sense, that cloud is powerful, in another they aren’t entirely accurate. Cloud is only as complicated as we make it. On a user-level, it’s very simple; log in to access. 

 From an IT perspective, it is also becoming simpler. Cloud experience is becoming more and more commonplace and online assistance, such as guides and forums, are readily available to supplement knowledge. If you do not have anyone in your business familiar and confident with cloud, there are many training courses, as well as consultants and firms who are capable and qualified to assist. This includes security, design, and process. 

We’re planning our cloud strategy, but don’t need to rush to implement 

39% of respondents to a 2022 cybersecurity survey have more than half of their workloads in the cloud, while 58% plan to make this shift in the next 12-18 months₄. As we’ve seen from our own research₅, however, “levels of digitalisation still remain low” in the trust, fund, and corporate services market. In fact, firms have consistently ranked themselves a 5 out of 10 in terms of digitalisation, with three years of research₅ showing no change in this statistic. 

Planning is crucial, of course. However, it needs to be known that cloud solutions are a thing of the present, not the future. We live in an age of rapidly advancing technology and to move slowly is almost the same as not moving at all, or even moving backwards in some cases. 

The last three years have shown us how crucial it is to have a flexible working model, giving users the ability to work in the office, from home, or elsewhere as needed. More and more people are returning to at least a hybrid model of working, with data from March 2023₆ showing 47% of survey respondents are able to work from home if they need. 
 
Why does that matter to cloud? The ability to work from anywhere, without a negative impact to your business, is a relatively new idea that expanded quickly in a very short space of time. Extenuating circumstances aside, it just shows how fast the business world can change, forcing businesses to adapt just as quickly or fall behind the curve. 

Getting your cloud strategy implemented is the only way to keep pace with evolving market requirements, much less getting ahead of your competitors. 

TrustQuay Online is a fully cloud-native solution. To explore how TrustQuay Online benefit your business, book a demo today. 

Sources 

₁Source: The Gartner Outlook for Cloud Security 

₂Source: Expert Interviews, BDO Analysis, Oliver Wyman Analysis 

₃Source: Forbes: Why Is Cloud Computing So Complicated? 

₄Source: Cybersecurity Insiders: 2022 Cloud Security Report 

₅Source: TrustQuay Future Focus Report 2023 

₆Source: Public opinions and social trends, Great Britain: working arrangements