The Soft-Edged Cloud: A Security Challenge

Advertise on CloudTweaks

The Cloud Security Challenge

The use of the term “cloud” to describe global, offsite, computing and storage technology is apt for a number of reasons; not all of them good. The metaphor succeeds largely when people visualize their data hovering over their heads, no longer tied to a single location, and consequently easy to access from anywhere. But there are other parallels with actual meteorological clouds, specifically their soft, amorphous shape. This causes problems in perception and definition, which naturally lead to potential difficulties with security.

ISC 2 - CCSPDavid Shearer, CEO of cyber, information, software and infrastructure security certification and education body (ISC)2, points out that the enthusiasm or pressure that companies feel to build their businesses quickly into the cloud can potentially lead to a fundamental weakness. “The easier it becomes to purchase cloud solutions,” he says, “the easier it is for organizations to get ahead of themselves. Business lines within a company can easily acquire cloud-based services, and the fast time to acquire and provision cloud services is extremely attractive. Any organization would be crazy not to take advantage of that.” Shearer points out, however, that when a company elects to leverage cloud solutions and services, management needs to be smart about it; and part of that includes proper and continuous security measures:

As recently as a few years ago, security was looked at as a hindrance; something that got in the way. In these situations, sometimes bad things needed to happen for people to pay attention. In the C-suite, if nothing else, CEOs and CxOs are losing their jobs for a perceived lack of due diligence and lack of strategy to protect a corporation’s intellectual property or personally identifiable information – and that gets people’s attention. Increasingly, what is needed is better communication between those actually responsible for making security work, and the C-suite.

In addition to the lack of clear comprehension of cloud in the executive office, there is also a similar disconnect throughout other levels of business.

Defining The Cloud

Adam Gordon is an author, subject matter expert and instructor at (ISC)2. He illustrates a significant challenge to cloud security being the definition of cloud itself. There’s a great interest in anything and everything cloud,” he says, “but the problem is, as individuals and as businesses, we don’t always understand what cloud means. As a result, there tends to be a gap, where consumption is a lead indicator and security is an afterthought.” It is ill-defined in many people’s minds, Gordon adds. “Many people look at it as a marketing slogan or a marketing solution, but they don’t really get it. As a result, I think one of the biggest issues that we face, as security professionals in the cloud, is the idea of how to create a common ground in terms of what it is we are talking about and how we will frame conversation around risk, liability, security, and things that go with that.”

Yet a third challenge to effective understanding of the cloud is the change of mindset needed, especially among managers and decision makers who spent their early years in the company of mainframes, dumb terminals and internal networks. For many, there is a pervasive, almost instinctive sense that data and computing systems are physically safer when they exist inside the actual walls of a company where they can be seen and touched. The notion of storing data on someone else’s computer somewhere in the world just does not feel right. The truth is that data is generally safer when transferred to the vaults of a cloud organization whose sole mandate is secure storage, but adherence to ideas from an earlier age is a very human attribute; one that never fully disappears.

Mobile Employees

Mobile security

(Image Source: Shutterstock)

Finally, there is the relatively new phenomenon of mobile employees who see their smart devices as their office, and who expect to use them at home, at work, and in public spaces like coffee shops and transit terminals, accessing Wi-Fi connections with little thought as to security. This soft, boundary-less setting has a direct parallel to actual clouds. Where, after all, does work-related security begin and end, when the device being used shares storage space and connectivity with personal files and pursuits? Adam Gordon worries that enabling individuals to work productively in these non-traditional environments with equally non-traditional capabilities and platforms opens up a collection of unknowns in terms of security and the individualized approach to data.

The softness of the cloud reinforces the need for a new type of security specialist; someone with the experience and wisdom to stay on top of a fast changing environment, and with the skills to communicate the necessary directives to the executive as well as to the rest of the IT team. This is the reason behind the development of the CCSP designation. The cloud will only continue to grow in size and versatility. Successful usage must involve a sound and ongoing security strategy across all levels of operation.

For more on the CCSP certification from (ISC)2 please visit their website. Sponsored by (ISC)2.

By Steve Prentice

Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.

View Website

CONTRIBUTORS

5 Ways Cloud-based Tools Can Help Accountants Escape The IT Treadmill

5 Ways Cloud-based Tools Can Help Accountants Escape The IT Treadmill

Accountant Cloud Tools Digital tools and software have become an inseparable part of any accountant's profession. There are software for ...
Ransomware: A Digital Pandemic - Is There A Cure?

Ransomware: A Digital Pandemic – Is There A Cure?

The Rise Of Ransomware You can imagine the scene: you’ve just completed that business plan and a set of accounts ...
Imminent IoT Eye-Tracking Technologies To Transform The Connected World

Imminent IoT Eye-Tracking Technologies To Transform The Connected World

IoT Eye Tracking Smelling may be the first of the perceptible senses, but the eye is the fastest moving organ ...
Metal Detecting Drone

The Rise Of The Metal Detecting Drone

Metal Detecting Drone Look up in the sky; it's a bird, no it's a plane. No, it is a swarm ...
IoT Security Intel

Cyber IoT Security: McAfee on Threats and Autonomous Cars

IoT Security Autonomous cars are just around the corner, there have been IoT security controversies surrounding their safety, and a ...
Small Businesses CAN Compete Using The Cloud

Small Businesses CAN Compete Using The Cloud

Small Businesses Cloud In the past, small business owners had to either run applications or software that was downloaded physically ...
Follow the Lead: 5 Data Security Tips Small Businesses Should Mimic From Larger Enterprises

Follow the Lead: 5 Data Security Tips Small Businesses Should Mimic From Larger Enterprises

Data Security Tips Small Businesses Should Mimic As more and more companies begin to switch to the cloud, cyber attacks ...
Safeguarding Data When Employees Leave The Company

Safeguarding Data When Employees Leave The Company

Safeguarding Data Employee turnover is unavoidable. According to CompData Consulting, the average employee turnover rate in 2015 in the US ...

NEWS

Treacherous 12: Top Threats to Cloud Computing + Industry Insights

Treacherous 12: Top Threats to Cloud Computing + Industry Insights

Top Threats to Cloud Computing SEATTLE, Oct. 20, 2017 /PRNewswire/ -- The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining ...
Toyota to test self-driving, talking cars by about 2020

Toyota to test self-driving, talking cars by about 2020

TOKYO (Reuters) - Toyota Motor Corp (7203.T) on Monday said it would begin testing self-driving electric cars around 2020, which ...
IBM’s cloud, cybersecurity and data analytics business rose 11 percent to $8.8 billion in the quarter

IBM’s cloud, cybersecurity and data analytics business rose 11 percent to $8.8 billion in the quarter

Big Blue back on the attack, analysts cautious (Reuters) - IBM shares surged 5 percent on Wednesday after the world’s ...

CloudTweaks CONTRIBUTOR PROGRAM

The CloudTweaks thought leadership profile building program is free to join but requires a commitment of atleast 3 articles over a 12-month period. Articles must be vendor-neutral in nature, related to connected cloud technologies and written by an executive level business representative to be considered.

You can also contact us to hear more about our on-demand content and lead generation programs for 2018