Cloud of confusion: Security in the cloud
- 13 June, 2018 00:01
In today’s world, CIOs are continuously having to evaluate whether their data is safe and secure. Why? Well, with several high-profile data breaches in the past few months, organisations are now firmly directing their attention to securing and safeguarding their data.
Many companies are looking to cloud as the solution to safeguarding their data, however myths and mistruths continue to exist when it comes to security within the cloud. These myths, along with the rapid growth of technological advancements, add further complication and confusion for any company deciding on whether to migrate to the cloud.
By addressing the top five myths surrounding cloud security, Accenture hopes to provide organisations with the facts to allow organisations to make more informed decisions as they embark on their cloud journey.
#1: "Cloud is inherently insecure"
This is without doubt the biggest myth surrounding cloud. Cloud providers take security seriously. If they didn’t, they would have a business, it’s that simple. Cloud providers take security so seriously that they employ dozens of different security frameworks and controls, much more than the typical company would in its own facilities. Under the new GDPR rules, which recently came into effect, cloud providers are now directly liable for sanctions and can face lawsuits if something goes wrong. The simple fact is, given this heightened regulatory environment, data in the cloud is likely to be more secure.
#2: "There are more breaches in the cloud"
For those who see off-site security for the first time, it’s hard to fathom that data stored beyond the physical can be safe, but it’s true. There are so many security tools available today that didn’t exist before that can help build the best defences possible against people looking to exploit vulnerabilities. Take cloud security solutions provider Bitglass. Their aim is to reduce the risk of data loss and maintain a company’s data transparency by acting as a cloud-access security broker. Bitglass is one of many cloud security tools that helps stop those looking to exploit vulnerabilities in your security.
#3: "It’s critical for me to have physical control of my data for it to be secure”
The truth is that successful data security ultimately relies on who has access to data as opposed to the physical control it. What is critical is setting up the right encryption and controls for the right sets of data. This will ensure only those with the appropriate permission to use that data can access it. This is important given that only 9.4% of cloud providers are encrypting data.
It is also worth noting that there are different options for handling data in the cloud. Especially as not all data is equal in value, risk and regulatory compliance. There is increasingly separation of what data is stored where.
#4: "I can easily use my current security tools in the cloud"
"Can I bring the tools I'm using in my data centre over to the cloud?" Unfortunately, you can’t. While some tools will work, most won’t be able to deal with cloud-specific concerns. Security tools must be agile, accurate and possess the ability for rapid attack identification. They must also be able to roll out application code without going through a DevOps security process.
#5: "Security maintenance in the cloud will be really complex and different"
This is incorrect. While specific tools are different, they will just need to be somewhat tweaked. The majority of best practices and operational procedures for maintenance put in place before moving to the cloud can still be used to monitor and maintain security in a cloud environment.
Reconsider your cloud management platform
As you can see, security in the cloud is a big deal. Accenture believes that security should be a foundational element of any cloud management platform. Companies should look to a single control plan to manage their security. A single control plan allows clients to manage security through a single control plan instead of using multiple tools. Not only does it allow single focus of use, but it also allows increased visibility to the entire cloud estate, while ensuring resources are securely configured. For example, a multi-cloud management platform helps manage your business services securely and effectively across multiple clouds on demand, at speed, from a single point.
Cybersecurity is a growing concern for Australian companies. If handled incorrectly, it can result in data breaches which are costly to repair on numerous levels. Given this climate, CIOs should turn to cloud as a safe and secure solution. Whether companies are yet to begin or have already started their cloud migration, it is inevitable that they will face a lot of questions and obstacles along the way. Accenture believes that with the robust tools and practices now available, security shouldn’t be one of them.
Jordan Griffiths is Accenture’s operations lead within Australia and New Zealand.