Sounds backwards, doesn’t it? Typically, the most logical answer for what to do with your most sensitive data is to keep it locked up and held close to your chest. The least likely place to put sensitive data is in the public cloud.
Security is very important to nearly all companies. Moving to the public cloud means taking my application that is safely behind my company’s firewall and putting it on a public cloud service.
How can I possibly trust the cloud to keep my application and my data secure?
But traditional wisdom doesn’t apply here. In fact, the safest place to keep your most sensitive data may, in fact, be in the public cloud.
How can this be?
One of the biggest misconceptions that companies new to the cloud have is around trust. Can I trust using the cloud? One of the major ways this issue of trust shows up is in the area of data security. Can the public cloud keep my data secure?
For the vast majority of companies, your data is probably safer in a public cloud than it is behind your own firewall. Sounds crazy, but more often than not it is true.
Public cloud providers have significant experience in keeping data safe and secure. Data security is a core competency of cloud providers. For most of us consumers of cloud services, data security is important but is not one of our natural core competencies. We have our actual business to worry about. And while data security is important to our business, data security itself is not our core business.
But data security is the business of cloud providers. Without providing a secure environment for customers' data, public cloud providers cannot stay in business. Therefore, keeping data safe is a core business principle of cloud providers. They would not be in business if they could not keep their customers' data secure.
They invest heavily in building high-quality security teams that spend their time advancing the state-of-the-art in security protocols and procedures.
Public cloud providers
In order for a public cloud provider to thrive, they must have a strong focus on security and data protection as a discipline. Security naturally becomes a core competency. They hire and grow internal security experts that understand what it takes to keep data safe. Cloud providers have significant domain expertise in security. Security is part of their DNA.
And even more importantly, cloud providers share this expertise. Cloud providers give you tools and best practices that you can use within their cloud infrastructure that will assist you in keeping your data safe. This is because it is important to cloud providers that they be seen as providing a safe environment; security breaches impact their business. They are as motivated to keep your data safe as you are.
The security of your data is ultimately your responsibility, of course. Still, the cloud providers give you the capabilities and access to their experience and best practices, which makes it easier for you to keep your data safe. Even without a high degree of knowledge on data security, by using the tools and best practices provided by the cloud providers, you can create an environment for your data that is safe and secure. The cloud providers become your partner in security, a partner that has the knowledge and experience to help you keep your data safe.
Your data center
Compare this to your on-premises data center. Here, security is entirely your responsibility. The decisions you make, the issues you tackle, and the issues you ignore are your responsibility. What you do makes a direct and immediate impact on the security of your data center, and hence your application.
There isn’t anybody else who is motivated—other than you—to keep your data safe.
There are companies you can hire that can help you with improving the security of your application and infrastructure. You can also hire or grow security expertise internally to help make your applications safer. However, there is nobody other than you who is directly motivated to keep your data safe. You do not have a partner in your security with the same motivations that you have. You are, essentially, on your own.
So, you have a choice. You can work on your own to try to keep your data safe using the expertise you have in-house or you can purchase it. Or, you can share the security job with your partner—your cloud provider—and leverage their knowledge and expertise. Both of you are motivated to keep your data safe and secure, and your partner has the tools and experience—the core competency—to help you keep your data safe. Your partner has security as a core part of their DNA.
Which option sounds safer to you?
If you're interested in migrating to the cloud and need an overview of the process— along with best practices for how to successfully plan for and move your workloads to the cloud—check out our eBook, "The Essential Guide to Cloud Migration Monitoring."
The views expressed on this blog are those of the author and do not necessarily reflect the views of New Relic. Any solutions offered by the author are environment-specific and not part of the commercial solutions or support offered by New Relic. Please join us exclusively at the Explorers Hub (discuss.newrelic.com) for questions and support related to this blog post. This blog may contain links to content on third-party sites. By providing such links, New Relic does not adopt, guarantee, approve or endorse the information, views or products available on such sites.