COLUMN: Security Crisis -- Public Cloud Is Not A Security Cure-All

CRN Executive Editor Steve Burke says businesses are turning to solution providers to separate fact from fiction, particularly with regard to whether the public cloud is more secure than an on-premises IT environment.

It’s hardly surprising that some public cloud providers are evangelizing a go-all-in public cloud approach to avoid security breaches like the recent Microsoft Exchange on-premises attack or the SolarWinds breach.

The public-cloud-at-all-costs approach ignores the reality of the hybrid cloud workplace, said Pat O’Dell, general manager and managing partner for highly respected Clinton, N.J.-based solution provider CPP Associates.

“My father used to say, ‘When all you have is a hammer, everything looks like a nail,’” O’Dell said. “We have to consider the whole toolbox. If you work with someone not considering every tool in the toolbox, you are probably going down a path that is not good for your company.”

The fact is the Exchange and SolarWinds attacks are so far-reaching that more businesses are turning to solution providers to separate fact from fiction, particularly with regard to whether the public cloud is more secure than an on-premises IT environment.

Mike Maher, director of professional services for CPP, took direct aim in a blog post at the naïve and simplistic view that you will get better security by moving to the public cloud rather than relying on a hybrid model. He calls for customers to embrace “freedom of choice” and make decisions based on their own best interest.

“Moving workloads to the public cloud means signing up for their terms and conditions, their service levels and their limitations on security,” said Maher. “If you’re anything like me, you’re probably not comfortable leaving the security of your data in the hands of other people.”

Securing infrastructure takes a multifaceted approach, said Maher. “Best-of-breed solutions have real value,” he said. “You can pick and choose what you need to ensure that the infrastructure meets your businesses requirements, as well as that of any regulatory or governing bodies. Most solutions have support for the hybrid space and that is because it is the most common deployment for businesses of all shapes and sizes.”

Maher said that many customers simply do not apply rigorous security policies when moving to the public cloud. One CPP customer eyeing the public cloud was taken aback by the question: What is your plan to secure that public cloud workload? “We helped them to understand what it takes to secure any public cloud infrastructure and provided the on-premises solutions with a cost-benefit analysis so they could make an educated decision,” he said.

CPP, in fact, is providing the same kind of data gathering and technical analysis on the security front that it has with its Infrastructure Anywhere Assessments aimed at determining whether a workload should go on-premises or in the public cloud.

Maher said putting all of your eggs in one basket is not good for business. “There is inherent danger in that,” he said. “For the very same reason we tell customers don’t back up your primary data to your primary data source, don’t put all your eggs in one basket because it increases your risk exponentially. You have to understand what the risks are in the first place to be able to mitigate them. That is where we come in as a trusted adviser.”

Trusted adviser status is the very heart and soul of the channel model. And that status is now more in demand than ever given the mind-numbing pace of security breaches. What’s heartening is solution providers like CPP are stepping into the fray to cut through the security pandemonium.