Light Dark
July 20, 2017 By Rick M Robinson 2 min read
Cloud Security

Now that cloud has become pervasive, organizations and individuals everywhere need to think about cloud security. To say that data is either fully secure or vulnerable in the cloud would be far too simplistic.

Two Schools of Thought

There are two widespread but opposite beliefs surrounding security in the public cloud:

  1. Abandon all hope! When you send data to the public cloud, you no longer control it and you don’t actually own it. You can’t even access the data except by the good graces of the cloud provider. In the cloud, you can kiss data security goodbye.
  2. No problems! Putting data in the cloud is like putting money in the bank: They’ll put it in a vault, designed and guarded by professionals, and they’re on it. After all, that is their jobIn the cloud, your data is safe and sound.

Both of these beliefs are broad and all embracing, telling you everything you need to know about cloud security. In the language of folklore experts, they are myths But according to InfoWorld, these beliefs are also myths in the ordinary, everyday sense — that is to say, both of them are false.

The Hazards of Mythology

The good news about cloud security is that public cloud security is, in fact, good. Those nightmarish cybercrime stories that regularly lead the news tend to have one thing in common: They don’t involve the cloud.

Cloud providers know that a breach could kill their business overnight, and they act on that knowledge. They don’t sweep security updates under the rug, for example. Does your organization treat security as a top priority? Cloud providers do.

So far, that sounds a lot like the second myth described above, but don’t kick back for a cloud security snooze just yet.

To Err Is All Too Human

It is still ultimately your organization’s data, and you are responsible for it. If your cloud-stored customer data gets spilled all over the internet, your customers aren’t going to blame your cloud provider.

You have security requirements, and wherever and however your data is stored, you should be using data protection tools that meet those requirements. As the InfoWorld article explained, “You should use identity and access management (IAM), encryption and perhaps multifactor authentication. If you’ve done all that, you’ve done your job.”

Above all, never forget that there is no purely technical solution to the human factor. If a spear phishing email tricks an employee into revealing his or her password to cyberthieves, no cloud provider’s security measure can keep the fraudsters from accessing whatever the legitimate user of that password could access.

Cloud Security Is What You Make It

In short, cloud security is neither a magic bullet for thieves nor a magic shield for your data. The cloud can offer real security advantages, due to the emphasis that providers can and do place on security protections. But in the end, what you get out of your security measures is usually proportional to the time and effort you put into them.

Read the white paper: Address six essential concerns of cloud security to build your business

 |  |  |  |  |  |  |  | 
Rick M Robinson

More from Cloud Security
January 22, 2025

2024 Cloud Threat Landscape Report: How does cloud security fail?

4 min read - Organizations often set up security rules to help reduce cybersecurity vulnerabilities and risks. The 2024 Cost of a Data Breach Report discovered that 40% of all data breaches involved data distributed across multiple environments, meaning that these best-laid plans often fail in the cloud environment.Not surprisingly, many organizations find keeping a robust security posture in the cloud to be exceptionally challenging, especially with the need to enforce security policies consistently across dynamic and expansive cloud infrastructures. The recently released X-Force…

January 8, 2025

Cloud threat report: Why have SaaS platforms on dark web marketplaces decreased?

3 min read - IBM’s X-Force team recently released the latest edition of the Cloud Threat Landscape Report for 2024, providing a comprehensive outlook on the rise of cloud infrastructure adoption and its associated risks.One of the key takeaways of this year’s report was focused on the gradual decrease in Software-as-a-Service (SaaS) platforms being mentioned across dark web marketplaces. While this trend potentially points to more cloud platforms increasing their defensive posture and limiting the number of exploits or compromised credentials that are surfacing,…

December 18, 2024

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature