Hacked accounts are in the news on practically a daily basis: Yahoo uncovered another massive cyberattack, with more than 1 billion user accounts compromised, making it the largest breach in history. The Democratic National Committee’s email was hacked, as was the Hillary Clinton campaign’s and the Republican National Committee’s. Let’s not forget about Home Depot, Target, and all those IoT hacks as well.
What do these all have in common? Not one of them is a cloud-based attack.
But you wouldn’t know it from the press. I get calls from reporters about once a week, all talking about the future of cloud computing given these “cloud breaches.” But none of those breaches has anything to do with cloud computing.
Yahoo is not Amazon Web Services, the DNC email server is not Microsoft Exchange Online, and no IoT device is a cloud.
The fact of the matter is that the public cloud services have a good record when it comes to breaches—there’ve been almost none so far, in fact. Moreover, the cloud breaches I’ve seen have resulted from user errors, not an issue with the public cloud itself. Generally speaking, it remains true that the public cloud is more secure than on-premises systems.
The issue is really a PR problem. To laypeople, everything that’s hosted on the internet is a cloud, but of course that’s not the case.
In fact, public clouds are secure systems. They manage many tenants and have elastic scaling, with proactive security and governance. Although not perfect, they are a hell of a lot more secure than Yahoo Mail ever was.
Still, I fear the ignorant reporting could be giving cloud computing an undeserved black eye, just as IT organizations are starting to get past their unfounded fears around cloud security. Let’s start educating people to the truth. No fake news here, please!