Close Menu
  • Home
  • Articles
    • Attacks
      • BEC
      • Data Breach
      • DDoS
      • Evasion Attacks
      • Injection
      • Malware
      • MITM
      • Phishing
      • Ransomware
      • RCE
      • Social Engineering
      • Spoofing
      • Spyware
    • Business and Policy
      • BCP and DRP
      • GRC
      • Regulations
    • Data Protection
      • DLP
      • DRM
      • Encryption
      • IAM
    • Future, Trends and Insight
      • AI
      • Events & Community
      • Emerging Tech
      • Expert Panel
      • Interviews With Experts
      • Insights
      • Study & Research
    • Resources
      • Guides
      • Tools
      • Training & Education
    • Security
      • API
      • Apps
      • Cloud
      • Critical Infrastructure
      • Endpoint
      • Hardware
      • IoT
      • Mobile
      • Network
      • OT
      • Port Security
      • Security Architecture
      • Software Development
      • Supply Chain
      • Zero Trust
    • Threats and Vulnerabilities
      • Emerging Threats
      • Insider Threats
      • Risk Management
      • Threat Intelligence
      • Zero Day
  • News and Exclusives
    • Latest News
    • ISB Exclusive
    • Positive News
  • Who We Are
    • About Us
    • Information Security Buzz Expert Panel​
    • Write for Us
    • Media Pack
  • Contact Us
  • Newsletter
Facebook X (Twitter) LinkedIn
Facebook X (Twitter) LinkedIn
Information Security BuzzInformation Security Buzz
  • Home
  • Articles
    • Attacks
      • BEC
      • Data Breach
      • DDoS
      • Evasion Attacks
      • Injection
      • Malware
      • MITM
      • Phishing
      • Ransomware
      • RCE
      • Social Engineering
      • Spoofing
      • Spyware
    • Business and Policy
      • BCP and DRP
      • GRC
      • Regulations
    • Data Protection
      • DLP
      • DRM
      • Encryption
      • IAM
    • Future, Trends and Insight
      • AI
      • Events & Community
      • Emerging Tech
      • Expert Panel
      • Interviews With Experts
      • Insights
      • Study & Research
    • Resources
      • Guides
      • Tools
      • Training & Education
    • Security
      • API
      • Apps
      • Cloud
      • Critical Infrastructure
      • Endpoint
      • Hardware
      • IoT
      • Mobile
      • Network
      • OT
      • Port Security
      • Security Architecture
      • Software Development
      • Supply Chain
      • Zero Trust
    • Threats and Vulnerabilities
      • Emerging Threats
      • Insider Threats
      • Risk Management
      • Threat Intelligence
      • Zero Day
  • News and Exclusives
    • Latest News
    • ISB Exclusive
    • Positive News
  • Who We Are
    • About Us
    • Information Security Buzz Expert Panel​
    • Write for Us
    • Media Pack
  • Contact Us
  • Newsletter
Subscribe
Information Security BuzzInformation Security Buzz
Home - News & Analysis - The Top 5 Brilliant things the Cloud Can Deliver – If You Get Your Security Right
News & Analysis

The Top 5 Brilliant things the Cloud Can Deliver – If You Get Your Security Right

ISBuzz TeamBy ISBuzz TeamJuly 23, 2013Updated:July 3, 20247 Mins Read
Share LinkedIn Twitter Facebook Copy Link Email
Voltage Logo
Share
Facebook Twitter LinkedIn Email Copy Link
Quick AI Summary
ChatGPTClaudeGeminiGrokPerplexityDeepSeekCopilot

Everyone has an opinion about the ‘Cloud’ and its effect on business – some believe it is dark and scary and fraught with unnecessary risk, while others would argue it’s silver lined and the path to greater business performance and cost savings.

The truth is that the Cloud undeniably has the potential to open up a whole new dimension of opportunities to businesses – but only if data security is properly addressed.

First let’s dispel any misperceptions you might have about the Cloud. It’s nothing mystical, nothing whimsical, – nothing to be afraid of. Or is it? The reason many fear the Cloud is its reputation as a dangerous, or ‘risky’, place. And that is true. Anything beyond the physical perimeter of the organisation is also, theoretically, beyond the physical protection of the organisation. And let’s face it, there are dangers and risks out there, but that doesn’t mean you have to stay behind a locked door. Instead, by arming yourself with the right security you can stay clear of danger and fully tap into the Cloud’s potential.

The Cloud and security are intrinsically intertwined, and only when both work in symbiosis can a business truly grow. There are 5 main areas where security can team up with the Cloud to offer companies the greatest potential to thrive – and it isn’t hard to get it right:

• Data Protection

Data is key and possibly the most important asset for organisations – a single breach or leak of sensitive data can cripple the entire business, so a data protection strategy must protect the data itself. The ability to move sensitive information into and throughout the Cloud is essential for businesses to function and collaborate efficiently, quickly and freely – but this ability must be supported by a comprehensive data protection strategy. The trick is to protect data at the moment of creation, before it moves out of the enterprise or even enters the Cloud. Only by doing that can you ensure that any data source is comprehensively protected, and the risk to potential exposure is minimised.

• Regulatory Compliance and Data Residency Requirements

Sensitive data that is moved into and across Cloud infrastructures can easily introduce additional complexity and cost to regulatory compliance – potentially costing thousands in fines and damaging reputations. Companies that ensure sensitive data is comprehensively protected can greatly reduce cost, complexity and overall risk in meeting and maintaining regulatory compliance.

• Scalability and Flexibility

The Cloud has opened up previously unseen opportunities for organisations to grow and expand quickly, smoothly and with ease. With information immediately and easily available anywhere, anytime, regardless their own infrastructure the Cloud offers the flexibility and scalability that in the past was an insurmountable obstacle for businesses restricted by their on-site resources. The key to successfully harnessing this opportunity is a flexible data security architecture that is extensible and adaptable across multiple applications and systems, while not adversely impacting the user experience. Failure to put a comprehensive, data-centric protection program can cause Cloud initiatives to be delayed or fraught with hidden security issues.

• Cost Efficiencies

This element is two-fold. Reap the powerful cost savings, by only paying for what you use, so there’s the capital, and operating, expenditure benefits. The second element is that most cloud computing platforms provide the means to capture, monitor, and control usage information for accurate billing. A single, comprehensive data protection platform can eliminate the threat of risky fines from compliance breaches or data loss while also reducing the need to invest into multiple security tools.

• Acess to Data Anytime, Anywhere

When harnessed correctly, cloud-computing capabilities offer numerous opportunities to drive business innovation. Rather than having to provide remote access to your infrastructure, it is available 24/7 for the workforce to access. No longer will you arrive for a meeting only to find the materials on your USB stick are a previous version. Instead you access the original file wherever you happen to be. Sales teams can check stock levels in real time. An employee stuck at home waiting for a delivery, or in an airport waiting for an ‘ash cloud’ to disperse, can still work as effectively as in the office. By employing a security strategy that protects and travels with all data, anywhere, anytime businesses can confidently tap into this invaluable resource.

With so many key business benefits of the Cloud directly affected by and depending on security one would easily be mislead into thinking that a plethora of security measures has to be adhered to in order to address potential issues. Truth is, it all comes back to the data. A single framework that comprehensively protects all enterprise data from point of creation and throughout its lifecycle can eliminate practically all potential security hazards that could threaten the Cloud.
Below are 5 tips for a security framework that will allow you to fully harness the Cloud’s business benefits:

• Leverage Data-Centric Encryption

By encrypting data, regardless of type or source, at capture and protecting it throughout the entire lifecycle, wherever it resides and wherever it moves, data can be protected, used and moved across the enterprise and into the cloud without the need to encrypt and decrypt the data as it enters or leaves different IT environments.

• Maintain Referential Integrity

Format-preserving encryption (FPE) retains the initial structure and format of the data set, encrypting the data while ensuring the structure fits into existing schemas without requiring changes in IT infrastructure or underlying systems in order to store and manage the data. FPE also preserves ‘referential integrity’ of the data, which allows the data to be analysed in a protected state, without having to de-crypt it first.

• Ensure High Performance Processing

High performance encryption results from eliminating manual and constant encryption and decryption processes as data moves through the enterprise, which removes database performance bottlenecks and enables linear scalability. A data protection strategy that includes encryption and tokenisation which can be performed locally at the application, database, or webserver level allows an organisation to dynamically protect terabytes of data on demand, without having to introduce complex procedures, additional technology or interrupt current business process.

• Policy Controls

By giving users or applications permission to decrypt or de-tokenize directly, linking directly to enterprise data access rules and policies, the extension of enterprise controls into the Cloud can be enabled and user management is simplified.

• “Stateless” Tokenisation

Tokenisation is a way of substituting sensitive data with non-sensitive values, and is one of the prescribed data protection methods recommended under industry regulations, including PCI DSS. Stateless tokenisation eliminates the token database and any need to store sensitive data as well as the keys that map the tokens to the initial sensitive data. This allows organisations to efficiently address national and international data residency and privacy requirements, as sensitive data can be maintained in a valid jurisdiction with only a representation of the data being moved. In-scope data can be securely moved and stored across Cloud environments, and only decrypted and used within jurisdictions where it is specifically permitted.

When harnessed correctly, cloud-computing capabilities offer numerous opportunities to drive business innovation. Recent technology and social connectivity trends have created a perfect storm of opportunity for companies to embrace the power of cloud to optimise, innovate and disrupt their existing business models. Could you join them?

About the Author:

VoltageDave Anderson | @Voltagesecurity | Voltage Security

Dave Anderson currently serves as the Senior Director for Voltage Security, where he is responsible for developing market strategy, delivering new technology solutions to market, and managing global campaigns and programs for Voltage’s data protection and encryption solutions. Prior to Voltage, Dave led marketing and program strategy for McAfee, SAP, and VeriSign.

Dave has 20 years of experience within business strategy, marketing, and product development at leading technology and services firms, including SAP, ArcSight/HP, KPMG, and VeriSign, and has worked extensively across Asia and Europe in delivering market and industry security solutions. His expertise focuses on strategy and planning, marketing, and operational governance.

Dave received his MBA from Duke University, the Fuqua School of Business in 2010. He has been published in multiple industry and technical journals, and is a frequent speaker on risk management, corporate governance, security, and strategy.

ISBuzz Team
  • ISBuzz Team
    Air Canada Data Breach: BianLian Extortion Group Claims A Massive Heist Contrary To Airline’s Earlier Statement
  • ISBuzz Team
    Unprecedented DDoS Attack Rocks The Web: Tech Giants Reveal A Digital Tsunami
  • ISBuzz Team
    CISA Flags High-Severity Adobe Acrobat Reader Flaw Amid Active Exploits
  • ISBuzz Team
    Curl Security Alert: Patching A Critical Bug Averting Potential Cyber Catastrophe

The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.

Share. Facebook Twitter LinkedIn Email Copy Link

Related Posts

Visual data is the blind spot in enterprise security: that’s about to change

May 4, 20267 Mins Read

Making stolen data worthless: why security must start with the data

March 30, 20265 Mins Read

Meta’s Smart Glasses Privacy Scandal Expands After Sama Credentials Found on the Dark Web

March 10, 20264 Mins Read
ISB-Bora-Side-Bar

No se ha podido establecer conexión. Error 429

 
ISB-Bora-Side-Bar
Black ISB Logo

Information Security Buzz is an independent resource that provides the experts’ comments, analysis, and opinion on the latest Cybersecurity news and topics

X (Twitter) LinkedIn Facebook RSS

Working With Us

  • About Us
  • Advertise With Us
  • Contact Us

Write For Us

  • How To Contribute

The Pages

  • Privacy Policy
  • Cookie Policy
  • AI Policy
  • Terms & Conditions
  • Copyright Notice

Information Security Buzz and all its contents are copyright © 2014-2025. All rights reserved. All third-party trademarks are recognized.

Type above and press Enter to search. Press Esc to cancel.

Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}