Introduction and the weakest link
What has the cloud ever done to you? General enthusiasm for moving huge tranches of private, sensitive company data onto the public cloud seems to wax and wane. It waxes as prices drop, new pay-as-you-go business plans emerge and new SaaS products go online, and it wanes when the media cover an Ashley Madison or a TalkTalk hack – and there have been plenty of those in 2015.
Security concerns remain the most common reason for businesses avoiding public cloud services, but providers like AWS, Microsoft, Google and IBM insist that their clouds are safe. That only leaves one weak link – the people who work for the businesses that use them. If the cloud isn't as safe as it should be, it's your fault.
The public cloud's weakest link
According to analysts at Gartner, 95% of cloud security failures by 2020 will be the customer's fault. "Only a small percentage of the security incidents impacting enterprises using the cloud have been due to vulnerabilities that were the provider's fault," says Gartner's report Top Strategic Predictions for 2016 and Beyond: The Future Is a Digital Thing.
Though it points out that organisations shouldn't assume that using a cloud service is secure, it also underlines the fact that the parts of the cloud stack under the control of users put the whole concept at risk.
"Cloud computing [is] a highly efficient way for naive users to leverage poor practices, which can easily result in widespread security or compliance failures," it reads. Cue the growing market for public cloud control tools – Gartner predicts that by 2018 over half of all companies employing over 1,000 people will use cloud access security broker products to monitor and manage their use of the public cloud and SaaS.
How concerned are companies?
Data security is one of the major reasons why some companies are wary of jumping on the bandwagon. "Comprehensive network security is vital to any business, and public cloud services simply don't offer the appropriate levels of protection afforded by a private network solution," says Stephen Donovan, Marketing Manager at AVR International, which provides specialist IT security and mobility solutions.
He continues: "In our experience, companies are wary of public cloud services because they lack the key preventative measures required to adequately protect sensitive corporate data and information – thus making them an insecure platform on which to operate long-term."
If, however, users implement a combination of efficient authentication processes with the appropriate IT security software, it is possible to protect and secure data on a fully public cloud service.
The fuss over PRISM in 2014 and the abolition of the Safe Harbour Agreement were huge media events with a long-term impact. "They have influenced the public opinion and drastically increased company concerns when it comes to the security of public cloud services," says Sandra Adelberger, director of product marketing at on-premises and cloud software company Acronis. "But on the other hand, more and more businesses realise that they need to leverage cloud as it can bring huge benefits to them in multiple ways."
Microsoft's message and staying in control
Keeping it local
Companies increasingly want to keep it local. In the US and other large countries that makes little sense, but in Europe it's becoming a noticeable trend. "There is a clear trend in Europe towards vendors with data centres in the local countries, non-US based vendors or private cloud offerings," says Adelberger. Companies want to know where the data resides, and what security level is provided.
The knee-jerk reaction is to trust on-premises data storage more than public cloud solutions, though the former comes with its own cons. "If the company uses a highly secure firewall, an on-premise solution will likely be quite secure," says Adelberger, "but the disadvantage is not security, but the lack of availability, and the risk of data loss in case of disaster."
If an IT infrastructure gets destroyed, everything that was on-premise is lost. The advice for any company not ready to face the cons of on-premises or of the public cloud is simple – opt for a virtual private cloud.
Microsoft's message
Satya Nadella, CEO at Microsoft, insisted recently that his company pumps $1 billion (around £660 million, AU$1.4 billion) into security R&D annually, including for its Azure public cloud.
"As a high-profile operation Microsoft has long been a target for attackers, and with the cloud and mobile the baseline for the company strategy, the security stakes are increasing," says Angela Eager, Research Director at TechMarketView. "Microsoft needs to protect its assets and its customers, of course, but the renewed security strategy will also help push its cloud services, especially Azure where acquisitions have been made to bolster security," she adds.
Microsoft is looking to build an Azure Rights Management Service using its recent buyout of Secure Islands (which secures data for UBS, Vodafone and Credit Suisse).
"Microsoft's message is that it can be trusted to do its best to provide protection in a perimeter-less environment," adds Eager, who thinks that the new reality is that the cloud and mobile devices make every supplier a security supplier.
Staying in control
The fact that the cloud can be used by non-IT-savvy staff is a good thing – that's kind of the point of it. However, it's got to be compatible with the security policies set up by the IT team.
"IT needs to stay in control of company data and its flow," says Adelberger, who recommends using cloud access security broker products. "But still IT needs to make sure that all access from all devices involving company data really go through that solution," she adds. "If not, a company can offer their employees an alternative solution using a private cloud."
If widespread use of Dropbox comes to the fore, it's not time for a crackdown by IT; it's time for a rethink.
Abandon the cloud?
Security concerns are no reason to abandon the cloud, but the public cloud is only secure if a company explicitly makes it so. "There are so many different offerings nowadays," says Adelberger. "Know your requirements, demand transparency from the solution provider and don't risk your business."
However tempting the public cloud may be, the level of security, privacy and service will drastically differ. Companies paying by the gigabyte should be careful, thinks Adelberger, who adds: "There is no such thing as a free lunch."