Want to move more data and apps into the cloud, but you’re hesitant to do so because of security? It’s a valid concern. After all, protecting your sensitive data is your responsibility. When you put your data in the cloud, you’re taking a risk. It’s a calculated risk, one you’ve thought about carefully. But nonetheless, it’s still a risk.
These risks are driving enhancements in cloud security. The portfolio of cloud security products and services on the market is growing, and the market is expected to reach $12.6 billion by 2024.
That’s good news for you and your company. But as you develop your cloud strategy (or further expand your cloud services footprint), keep the following list of security considerations in mind.
5 Things to Consider About Security in a Public/Hybrid Cloud
You have to know what is going on before you can respond to a threat or prevent a potential problem. Traditional legacy tools won’t provide the visibility you need in order for you to do that in the cloud. How will you gain visibility into your cloud instances? How will you know what is happening with your apps and data?
In the cloud, you have less control over where your apps and data reside. Because infrastructure is shared, instances can be replicated and spread out. You’ll need to build telemetry into cloud-native apps to help monitor system logs and performance. You’ll need tools to help you monitor traffic and keep tabs on who is accessing your apps and what is being done with your data. And you’ll want to consider a cloud access security broker (CASB) solution, so you can monitor actions involving uploads and downloads of files, as well as changes to user rights, data access, or controls.
Your decision on tools will impact your security. In fact, Gartner predicts that “by 2018, the 60% of enterprises that implement appropriate cloud visibility and control tools will experience one-third fewer security failures.”
- Native Security Protection
The old thinking of “secure the perimeter” doesn’t work anymore—not in the data center and definitely not in the cloud. The classic sense of perimeter security—i.e. keeping the bad guys out—no longer exists. But that doesn’t negate the value of traditional layered security tools, such as next-gen firewalls, intrusion detection and prevention solutions (IDS/IPS), and web application firewalls.
In the past, these tools weren’t available in the cloud. You had no way of providing this type of protection for cloud workloads. Today, however, things are different. Cloud versions of these solutions are available. That enables you to replicate many of the native security tools you use in your data center today to provide the same level of protection in the cloud.
- Regulatory Compliance
How will you satisfy all the regulatory requirements you’re required to meet? Is your cloud provider’s data center ISO 27000 certified? When you introduce a third party to your environment, you must ensure their security and controls will satisfy your audit requirements.
Your cloud provider should be able to attest to their certification. They should be able to provide web application assessment reports, penetration testing results, SSAE 16 SOC 1 or SOC 2 reports, and evidence of ISO certification.
- Cloud-to-Cloud Communication
Having an effective business continuity plan is essential for lowering business risk. How will your cloud provider handle your data? Should you be replicating data to more than one cloud provider for redundancy and disaster recovery? If so, how will you ensure the cloud interconnect is secure?
- Business / IT Alignment
What does alignment with the business have to do with security in the cloud? Consider this: security is a board room topic. Senior executives are more concerned today than ever before about lowering the business risk associated with data breaches. Because cloud is attractive and fast to implement (and a little mysterious), your information security program needs to be effective.
Everyone in your company has a stake in security. Protecting intellectual property and other sensitive data is a cross-organizational responsibility. But the success of your information security program depends on your ability to communicate what you’re doing and why—in business, not technical terms. Otherwise, you run the risk of business units doing their own thing and creating shadow IT environments. And that can create a huge security problem. According to a study conducted by Intel, 65% of the participants said that shadow IT interferes with their ability to keep their cloud environments secure.
When it comes to security, sponsorship from the business can mean the difference between success and failure. According to Gartner, “by 2020, IT-sponsored information security programs will suffer three times as many significant breaches as those sponsored by business leaders.”
Securing the cloud is complicated, and as employees are increasingly mobile and collaborating more freely, there is a growing need for security that governs usage and protects data everywhere. Advancements in cloud security products and services offer new alternatives and open up more opportunities for you to secure your cloud data. Contact ePlus for a Cloud Access Security Broker (CASB) Assessment, and learn about implementing a solution that will protect your organization. For help with finding answers to your other cloud security questions, check out ePlus Security, email firstname.lastname@example.org, or contact your ePlus Account Executive.