Just how secure is the cloud, really?

Just how secure is the cloud, really?


By now,cloud computing is widely used for anything from personal productivity to enterprise resource planning. It has proven itself not only in theory, but in practice – but just how secure is the cloud?

Security was one of the major perceived issues with moving to the cloud, but an abundance of proof now exists that the cloud not only works like it should, but is also as secure as it needs to be for enterprise applications. However, just as it is for on-premise software, it is only going to be as secure as your service provider makes it – and the good news is that there are plenty of methods which are applied to ensure cloud services are typically far more secure than anything you own and operate yourself.

With that, read on for four ways that cloud applications and data are kept fully secured.

  1. Data-centric encryption

The big worry with cloud always was the fact that data is in transit and can therefore be intercepted. That issue is altogether avoided as most applications and services available today encrypt data (regardless of type or source) at the point of origin all the way through its complete lifecycle. With that in place data is safe across the enterprise, in transit to and from the cloud, without the need to encrypt and decrypt each time it passes through different IT environments.

  1. High performance processing

Encryption doesn’t just happen; it requires computing power. Today’s services employ high performance automated processing which eliminated manual encryption and decryption as data moves through the enterprise. It’s typically seamless to the user – and that means no performance bottlenecks. Data protection strategies that include encryption and tokenisation performed locally at the application, database, or webserver level, allows for the dynamic protection of terabytes of data without complex procedures, additional technology or interrupt current business process.

  1. Tokenisation, you say?

Yes, tokenisation. This is a method for substituting sensitive data with non-sensitive values – so the data is ‘real’, but doesn’t have any ‘real values’. It is among the prescribed data protection methods recommended under industry regulations such as PCI DSS (the credit card association). Stateless tokenisation eliminates the token database and any need to store sensitive data, as well as the keys that map the tokens to the initial sensitive data.

This allows organisations to efficiently address data residency and privacy requirements (nationally or internationally), as sensitive data can be maintained in a valid jurisdiction with only a representation of the data being moved. In-scope data can be securely moved and stored across cloud environments, and only decrypted and used within jurisdictions where it is specifically permitted.

Sound complex? What it means is that your information, particularly sensitive stuff, can be protected by service providers using this method.

  1. FPE for structural integrity

Ever received a .CSV file and opened it in Word? Gobbledegook. Encryption should preserve formatting to avoid just that sort of issue. No wonder, then, that it is called Format Preserving Encryption (FPE), because it looks after the structure and format of the data set. That also means the data fits into existing systems without requiring changes in IT infrastructure. FPE preserves ‘referential integrity’ of the data, which allows the data to be analysed in a protected state, without having to de-crypt it first.

Be that as it may…FPE isn’t yet widely used, although it could solve some of the most commonly encountered security issues (like leaked credit card details).

The bottom line is that cloud services – and here’s the really important bit – from reputable vendors are about as secure as it is possible to make anything.

What is a reputable vendor? Some of the biggest names in computing can be depended upon for cloud services, notably including Microsoft – and with millions upon millions of users, you can depend on the cloud for a secure experience.