According to a 2018 Gartner survey, respondents ranked cloud security as the No. 1 risk facing organisations. This, along with a report by security firm Ingram Micro stating that 83% of businesses say security, for data storage or running sensitive apps and services, is their top concern when migrating to the cloud, gives insight into why businesses haven’t all adopted the cloud as part of their business practices.
And although this concern isn’t unjustified, cloud providers are putting security at the forefront of their products. By using military grade defences, providers can protect their clients’ data and ensure their environments are as safe as they possibly can be.
But as is the case with other features of cloud services, not all products are equal and some provide better levels of security than others. This isn’t because cloud providers don’t realise the need for solid defences, but because different products are designed for different use cases. Some are designed for highly regulated and sensitive industries, while others don’t need to be so locked down.
If you’re a little confused about what you should be searching for when choosing your cloud provider and service, here are three things to look for from a security point of view.
Up to 95 percent of data leaks in the cloud through 2020 will happen because of human error. Learn how to protect your data in this whitepaper.
The first thing to check for is the solution’s ability to share information across departments. This functionality is key to CIOs looking to transform their businesses by improving customer experiences and organisational agility, while also introducing new digital revenue streams.
Corporations run hundreds, and sometimes even thousands of interconnected applications to support their operations. Traditional solutions store information in many different places, so keeping those systems in sync is a challenging task.
True, multi-tenancy SaaS—with human resource, finance and planning data stored in one application—makes all of this much easier. This central design has many benefits, including all systems working from a common framework, so there are no inconsistencies in data. It also eradicates the disconnect between the system and its users; a problem prevalent in many legacy systems.
Consequently, overall security improves with a single version of the software that is continuously updated, scanned and patched. This is far better than working with multiple packages, and any security-related changes to the system architecture are relayed to all customers simultaneously. If a leading enterprise needs a stringent new security feature, it’s available to an SMB as well.
In the old days, corporations relied on firewalls to protect information, believing that once the business had warded off outsiders, information was safe. Since hackers can attack systems at different levels, such thinking is now very outdated. Once hackers gain access to a system, they stay, often working their way from low-level to high-level security clearances and compromising sensitive information.
Encryption serves as one way firms can protect themselves. Typically, data is encrypted in transit, which is a first rather than last step. Once information enters the data centre, it’s unencrypted and therefore vulnerable. To address this problem, organisations need to encrypt information at rest in a persistent data store.
Unfortunately, these systems are complex and difficult to implement, so cloud services built on legacy architectures rarely support the encryption of all customer data at rest.
With modern cloud architectures, a good cloud vendor will take on those responsibilities, especially if privacy and security are embedded into the system from the beginning.
Almost three quarters of successful data breaches gain access through an endpoint. Download this whitepaper now to learn more about securing your laptops, tablets and mobiles through the cloud.
Support for third-party standards
Industry and government groups have designed various compliance frameworks to protect customer information, such as the EU’s GDPR. However, the specifications are only a starting point.
While assessing a solution, the various compliance standards and security implementations should be thoroughly examined. Is the service simply aligned with the standard or has the service been certified? How is the information stored? What level of encryption is supported? How are updates handled?
All cloud providers claim to have secure systems, but few offer the higher levels of protection needed for an enterprise’s valuable data. Carefully examining a vendor’s solution, however good it may seem on the surface, is the key to a compliant, breach-free cloud future.