There are three misconceptions about the cloud. First, that it is secure by default; second, that you can migrate to it yourself; and third, that it’s water vapor.
Cloud in itself, as an infrastructure, is very secure. If Google, Microsoft and Linux experts cannot be trusted to do a good job then all hope is lost. They can be trusted, which is why cloud is secure. The best analogy to illustrate the concept is a country’s security. Borders are secured, monitored and patrolled – yet you still have to lock your car and home inside that secure country. The same goes for the cloud: you still need passwords, encryption, a firewall, etc.
Yes, cloud providers have developed intuitive and user-friendly interfaces, but we strongly recommend you use certified people with good reputations to set up your cloud infrastructure. You use a professional for the same reason you wouldn’t connect your new home to the power grid yourself. You would ask a licensed electrician to do it because some jobs are best left to those with specialized knowledge.
Larry Ellison (CEO of Oracle) once jokingly said that cloud is not water vapor. That’s right! Data is still stored somewhere physically in a high-speed, high-capacity data center on normal hard disk drives. The only difference is that your company does not have to take care of that infrastructure; you virtually rent part of those resources for a monthly fee (depending on what you use).
Back up data locally
At least sensitive or important data
Avoid storing sensitive information
But if you have to, then use ‘immutable buckets’
Encrypt your data
Use cloud services to encrypt the data
Encrypt the data before uploading to cloud
Cloud hackers have no access to your local passwords or keys.
Read the terms & conditions of your cloud service provider
Know how cloud provider manages and stores your data
Secure the end-user devices that are accessing cloud-based resources
For access to the cloud, take all measures available
Perform a regular security audit
Hire professionals to simulate malicious attacks in order to discover security weaknesses in your cloud configuration, networks and applications.
A word of advice: Whether you store your data on the cloud or on local server, you must not focus on data loss or hardware failure – technology is so advanced that it’s not a problem anymore. Worry about human error, bugs in application software, viruses, malware, and employee sabotage