It may come as a surprise, but the cloud is still considered a new technology for many organizations. In fact, only 14 percent of IT budgets will be spent on the cloud in 2016. As with introducing anything different to an organization, there are concerns and hesitations that come along with it – especially when it comes to the vulnerability of a company’s data in the cloud.
According to a report from Vanson Bourne, 76 percent of those surveyed said security was the main concern when using cloud-based services. Almost half of respondents admitted that they are “very or extremely anxious” about the security implications surrounding the cloud. But, businesses need to keep in mind that data security isn’t dependent on whether the data resides on premise or in the cloud. It all comes down to putting the right security measures in place to protect data and prevent future data breaches from happening.
Companies are missing the opportunity to make huge gains in their productivity, agility and costs because they are letting common misperceptions around greater security concerns in the cloud stop them in their tracks. So, how can businesses get past the roadblock of security concerns? By looking to service providers, doing their due diligence, conducting a self-assessment and prioritizing internal education, companies can build confidence in their cloud security.
Prioritize Education
Since the dawn of the very first server, the biggest security threat to data has been the risk of human error. In fact, according to a cyber security intelligence report, more than 95 percent of the cyber-attack incidents investigated in 2013 cited human error as a contributing factor.
But, what businesses need to realize is that the threat of human error is really no different regardless of where the data is located – whether it’s in on-premise or off-premise environments.
By prioritizing the education of employees and fostering a security-aware culture across the organization, businesses can boost confidence and reduce the potential for security issues and information loss through human error. Guiding staff to make smart decisions will not only help prevent errors, but also free up the IT team so that it isn’t consistently wrapped up in solving mistakes. That means more time – and money – back into organizations’ pockets.
Don’t Go It Alone
Organizations can easily get caught up in their doubts and anxieties around security and forget that cloud service providers can actually offer broader security capabilities, often beyond what their IT departments can accomplish even in an on-premise infrastructure environment.
One of the major uncertainties around security in the cloud is the perceived lack of control. The key is to have responsive IT providers who can address security needs at a moment’s notice. What’s more, reputable, experienced cloud providers will actually have much better security controls in place than a business’s internal IT department. In fact, a cloud security report shows that on-premise users experienced an average of 61.4 attacks, while service provider customers averaged only 27.8.
By using a third party to manage infrastructure, there is actually the potential for much greater security around “inside” security problems, whether they are hacks or errors. This helps to create a more defined, logical separation of duties that will effectively limit insiders’ access, thus resulting in fewer internal human errors and, ultimately, better protection of corporate data than if the company hosted the data in-house.
Do Your Homework
Before jumping on board with a service provider though, due diligence is always a best practice. Businesses need to conduct a thorough evaluation of the provider’s credentials, capabilities and track record of security incidents to ensure that it is the right provider for the job.
Organizations can start by asking a series of questions, such as whether the provider has compliance and security certifications and, what’s more, whether it holds those certifications for all of the geographies the business plans to operate in.
Businesses should also ask how exactly the provider will protect their data, whether that provider has an understanding of local data privacy laws and, finally, whether that provider has ever suffered a data breach of its own. Doing the background work to understand the provider beforehand will help a business ensure peace of mind in the long run.
Self-Assess
In addition to assessing outside providers and partners, it’s also key for a business to do a self-assessment of its own applications and decide which are suitable for cloud environments. The cloud is not necessarily a one-size-fits-all solution and some applications are best suited for the public cloud, while others are a better fit for private cloud.
To help alleviate concerns around cloud security, businesses should start with the public data sets as targets to move to the cloud – whether that’s websites, marketing campaigns or blogs – as those typically encompass some of the less sensitive data. Next, it’s best to tackle the new applications, as businesses can plan to build them specifically for the cloud or look into potential cloud-based replacements that would better serve those applications.
Because of the sensitivity and often complex interdependencies around legacy applications, businesses should plan to keep them in place, at least initially, as this will help build confidence in the cloud with any internal stakeholders as the company gets to know its new cloud provider and IT staff become more experienced and comfortable using the cloud.
Complete Cloud Transformation
As businesses work to build confidence in the cloud, the advantages it brings will become clear and security concerns will fade to the background. Its agility and ease-of-use will start to outweigh any lingering doubts about security, and organizations will quickly be on their way to a successful – and secure – cloud transformation with the help of a trusted provider.
About Toby Owen
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.