Busting myths and taking names, part 3: Does moving to the cloud increase risk?

In this blog series, we’re breaking open four pervasive myths about enterprise applications.

Today we take on Myth #3: Moving to the cloud increases risk.

Let’s just tackle this one head on. Can moving to the cloud increase risk? Absolutely. Does it have to? Not anymore. Let me explain.

Yes, the cloud can pose additional challenges to the security and availability of your data. For one thing, cloud deployments often involve intricate architectures that are constantly changing. Shadow IT can make it hard to monitor and protect all your cloud resources. Safeguarding what feels like endless endpoints and sprawling applications can be daunting.

It can also be hard for enterprises to accurately measure their risk when the underlying infrastructure is secured and managed by the cloud service provider. Just how safe is your cloud provider keeping your data? And does that even matter?

All major cloud platforms operate based on a shared responsibility model when it comes to security and compliance of the services they offer. That means the responsibility for protecting and securing your data falls mostly on you. Whether your data is on premises or in the cloud, the risk is yours to mitigate.

What does that mean for your enterprise applications? Reliability, availability, and resilience exist along a continuum. Every company has applications that have to be highly available and highly protected. Taking orders on Cyber Monday? Accessing electronic health records? Transactional databases that are used for order entry or to house personally identifiable data need to be both highly available and highly protected. User training, dev/test, maybe even reporting, are not quite as needy as those transactional databases and their associated applications.

Whether you’re running your enterprise databases and applications on premises, in the cloud, or in a hybrid environment, two concepts are especially important: data security and data resilience.

Data security is all the things that you set up—technologies, policies, and procedures—to protect your data from unwanted access. Resilience is the ability of the IT system to withstand certain types of failures and remain functional from a customer perspective. My colleague Dave Krenik has blogged about how to build resilience into your data, apps, and business. Which is better, security or resilience? You need both.

Ransomware attacks are part of living in a connected world. By 2025, at least 75% of IT organizations will face one or more ransomware attacks. More endpoints and a diffuse network mean that companies take an average of 197 days to identify a breach.^{Unfear ransomware without taking your hybrid cloud offline.}

This situation has many enterprises asking, “How do I leverage the cloud but keep my data secure? How do I protect against and remediate increasing ransomware attacks on premises and in the cloud?”

The big difference between NetApp and some of our biggest competitors (who shall remain nameless) is that we make security “invisible.” We embed security into our solutions. Unlike our competitors, who depend on third-party data protection solutions, NetApp^® security is built in and native. That means we can help you stop threats, detect attacks quickly, and minimize downtime and data loss across your entire hybrid cloud environment​.

Resilience looks like recovering quickly from unplanned events and getting apps and data back up and running in minutes. Although the cloud can create new opportunities for bad actors, it can also play an important role in fighting back against them. As Dave Krenik points out, IDC says that “a single, unified, multicloud data management strategy is a must for business resilience.” ^{Building resilience into your data, apps, and business.}

A good data protection strategy follows the old 3-2-1 rule: three copies, two different media, and one off-premises location. Incorporating the cloud into your data protection strategy is an effective way to add copies, media, and locations.

My colleague Jason Blosil describes “cyber resilience” as combining data protection with traditional IT security. It’s about protecting data from the inside out. With the hype around Zero Trust giving way to confusion, it’s more important than ever to defend yourself with a solution that keeps your data available, protected, and secure, no matter where it resides, on premises or in the cloud. That means you can:

• Identify
• Protect
• Detect
• Respond
• Recover

And you can do it all with a single data-centric, cyber-resilience solution that spans your on-premises and public cloud environments.

Can the cloud increase your risk? Sure. Do you have to let it? Not if you protect your data at the source. See how NetApp helps protects data in hybrid cloud environments And check out this infographic to see what other myths you can bust by partnering with NetApp.