Even Companies With A "Cloud First" Strategy Have Lingering Security Concerns

Lingering Security Concerns

Considering the cost and time-to-market advantages of SaaS applications in particular, it’s no surprise that companies are looking to the cloud to meet their business objectives. But what happens when a ‘cloud first’ company must also put security and compliance first?

In a recent Bitglass survey report from a cloud access security broker (CASB), CIOs and other IT leaders shared their views on cloud computing and information security. More than half (55%) say their organization has adopted a “public cloud first” strategy in 2016. That is, when they are considering the use of new applications for managing their data, they will first see what’s available in the public cloud.

removing-cybercrime

While interest in SaaS applications is high, organizations looking at this option still have some security concerns. Respondents to the survey listed the following as their biggest cloud security challenges for 2016:

  • Controlling downloads of company data/information (36%)
  • Evaluating cloud security providers’ security controls (24%)
  • External sharing of company data/information (21%)

Many companies fear they will lose end-to-end control over their data records and informational documents once they go into a cloud application. IT leaders need to ask their SaaS (or CASB) providers some serious questions about what security measures can and will be applied as information goes into and out of the cloud application, as well as when it sits at rest in storage.

CIOs are disinclined to use cloud applications that offer minimal security. This is the very reason why the CASB market was born and has grown so quickly. CASB vendors provide organizations with a gateway application through which data flows on its way to/from SaaS applications in order to apply security mechanisms such as encryption or data loss prevention (DLP).

Security First, SaaS Second

Many SaaS applications have been built around rich features and functionality—but not on the premise of securing information throughout its lifecycle. Thus there are legitimate concerns about information being inappropriately downloaded to personal or mobile devices, put on an inherently insecure file share, attached to an email going outside the company, or accessed by an administrator for the cloud service provider. If there is even a hint of a possibility that one of these things may happen, the cloud solution may be ruled out by the CIO or CISO of an organization for lack of proper controls.

cloud-comic3

Many organizations are looking for a secure means to enable work collaboration and the sharing of highly sensitive documents both internally and externally with select business partners. There is no margin for error concerning the protection of their documents, but fears can be diminished by adopting the following:

  • Cloud providers must operate with the philosophy that security is the core and the file sharing and collaboration features are architected into it. Providers should also provide multiple levels of encryption and allow customers to own the keys if they desire it, By providing granular security on a file by file basis, security can also be embedded into each file for its entire lifecycle. Moreover, businesses’ solutions don’t need “bolted on” security mechanisms from third party providers like CASB vendors. Customers’ trust is sacrosanct, and should not be handed off to partners.
  • Cloud providers must allow their audit team to take an in-depth look at data center security practices, not just on paper. Teams should do an annual on-site visit to determine if a company’s security, privacy and data sovereignty controls and practices match their own. Once a company receives a final report after each assessment, customers’ concerns can then be addressed and security postures continuously built stronger.

To the IT leaders who want to be “cloud first” but still have security concerns about public cloud applications, and who worry about controlling downloads and external sharing, I recommend evaluating your SaaS provider’s controls. Get in touch with a secure collaboration and file-sharing provider. They’ll help you implement your “cloud first” strategy for business collaboration in a safe and secure manner.

By Daren Glenister

Move bot migration

MoveBot – New Data Transfer Platform

Data Transfer Platform Branded post by Movebot As cloud computing and storage continue to provide enhanced ROI to organizations, businesses are storing their data on the cloud– instead of on-premise servers. Storage migration is an ...
Tech

What is the Difference Between a VPS and a Cloud VPS?

VPS or Cloud VPS? While researching this article it became very apparent that there is a lot of confusion about the differences between VPS Hosting and a Cloud VPS. They are both Virtual Private Servers, ...
Sebastian Grady

Digital Transformation – Updated Metrics for the Cloud Era

Cloud Era Metrics Undertaking digital transformation means also transforming how IT success is defined, including metrics that address business in the cloud.  With up to 90% of budgets spent keeping the lights on, cost is ...
Data Web Accessibility

Protecting Yourself from the Rise in Ransomware this Holiday Season

Rise in Ransomware The Baltimore Public Schools system was already dealing with pandemic learning conditions when it was hit by a ransomware attack the day before Thanksgiving. School officials were calling it a "catastrophic attack ...
Mark Barrenechea

The Digital Era Moves Into The Information Era

We have entered the Information Era Building on the groundwork of automation, connectivity and computing power that defined digital, the Information Era is characterized by our unprecedented ability to capture, store and make sense of ...
Gary Taylor

5 Reasons Why Virtual Desktop Infrastructure Will Go Mainstream Post 2020

Virtual Desktop Infrastructure Growth Virtual Desktop Infrastructure (VDI) technology enables remote users to access their desktop from anywhere using an internet connection. This technology has been around for a couple of decades but never received ...