Healthcare, finance and other industries now store sensitive data in the cloud. High profile security breaches occurred at JPMorgan, Adobe and other major companies last year. No doubt, a cloud security issue can damage a business's reputation, trigger remediation costs and destroy customer trust.
Still, surveys suggest customers aren't taking proper steps to safeguard their cloud-based assets. Indeed, 76% of the IT leaders cited security as their chief concern; but 50% of them admitted to adopting the far-less-secure’ mass market consumer cloud services, rather than a more secure hybrid solution, designed specifically for the enterprise, according to a recent BT report.
Finding the appropriate cloud service provider, which can help you become more cloud security-savvy and has the resources to constantly update their security solutions, is a key to success and peace of mind. Also, when it came to government requests for data, experts rightly point out that big companies such as Google or Microsoft are better equipped to fight the legalities than individual businesses.
Are you Cloud Ready?
Roughly 28% of applications are already hosted in the cloud. That figure will rise to 35% in 2017(alarming or not). So, how can our organizations make the transition securely? First it’s important to get a full cloud readiness assessment to determine which apps and projects are suitable for migration. Second, it’s important to find a provider that has an innovative, customizable, regularly-updated security strategy and trusted partners in specialist areas, such as testing.
Here are four top cloud security considerations:
- 1. Data Protection: Classify and categorize your data sensitivity and adopt best-in-class encryption to secure the full spectrum of data, including data at rest.
- 2. Threat Defense: Ensure your provider employs intrusion detection and prevention systems, denial of service attack prevention, penetration testing, antimalware and data analytics to identify and mitigate threats.
- 3. Network Security: Securely connect multiple on-premises locations, and keep your traffic off the internet with a secure private connection to your provider’s datacenters similar to what Microsoft does with their ExpressRoute for Azure. Give your ITO better network control by getting your network traffic sent back to your on-premise location for policy validation and deploying multiple NICs.
- 4. Identity & Access: Controlling who can see and manipulate your cloud applications, is paramount to your security. Restrict access and permissions for sensitive resources, and ensure your reporting shows suspicious access and incidents like someone logging in from an unknown device, stopping a website or deleting a virtual machine.
Above all, I think that a change in attitude is the best way to approach designing a successful development and testing strategy in the cloud. We should view this as a prime opportunity to reassess and enhance our security enterprise-wide. As hackers get more and more inventive, it becomes necessary to adopt such strict security measures to give your customers the confidence they deserve.
Register or login for access to this item and much more
All Information Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access