Even Companies With A "Cloud First" Strategy Have Lingering Security Concerns

Disaster Plan.png
Cloud For Dummies.png
Answer To Everything.png
Growing Up.png
Data Fallout.png

Lingering Security Concerns

Considering the cost and time-to-market advantages of SaaS applications in particular, it’s no surprise that companies are looking to the cloud to meet their business objectives. But what happens when a ‘cloud first’ company must also put security and compliance first?

In a recent Bitglass survey report from a cloud access security broker (CASB), CIOs and other IT leaders shared their views on cloud computing and information security. More than half (55%) say their organization has adopted a “public cloud first” strategy in 2016. That is, when they are considering the use of new applications for managing their data, they will first see what’s available in the public cloud.

removing-cybercrime

While interest in SaaS applications is high, organizations looking at this option still have some security concerns. Respondents to the survey listed the following as their biggest cloud security challenges for 2016:

  • Controlling downloads of company data/information (36%)
  • Evaluating cloud security providers’ security controls (24%)
  • External sharing of company data/information (21%)

Many companies fear they will lose end-to-end control over their data records and informational documents once they go into a cloud application. IT leaders need to ask their SaaS (or CASB) providers some serious questions about what security measures can and will be applied as information goes into and out of the cloud application, as well as when it sits at rest in storage.

CIOs are disinclined to use cloud applications that offer minimal security. This is the very reason why the CASB market was born and has grown so quickly. CASB vendors provide organizations with a gateway application through which data flows on its way to/from SaaS applications in order to apply security mechanisms such as encryption or data loss prevention (DLP).

Security First, SaaS Second

Many SaaS applications have been built around rich features and functionality—but not on the premise of securing information throughout its lifecycle. Thus there are legitimate concerns about information being inappropriately downloaded to personal or mobile devices, put on an inherently insecure file share, attached to an email going outside the company, or accessed by an administrator for the cloud service provider. If there is even a hint of a possibility that one of these things may happen, the cloud solution may be ruled out by the CIO or CISO of an organization for lack of proper controls.

cloud-comic3

Many organizations are looking for a secure means to enable work collaboration and the sharing of highly sensitive documents both internally and externally with select business partners. There is no margin for error concerning the protection of their documents, but fears can be diminished by adopting the following:

  • Cloud providers must operate with the philosophy that security is the core and the file sharing and collaboration features are architected into it. Providers should also provide multiple levels of encryption and allow customers to own the keys if they desire it, By providing granular security on a file by file basis, security can also be embedded into each file for its entire lifecycle. Moreover, businesses’ solutions don’t need “bolted on” security mechanisms from third party providers like CASB vendors. Customers’ trust is sacrosanct, and should not be handed off to partners.
  • Cloud providers must allow their audit team to take an in-depth look at data center security practices, not just on paper. Teams should do an annual on-site visit to determine if a company’s security, privacy and data sovereignty controls and practices match their own. Once a company receives a final report after each assessment, customers’ concerns can then be addressed and security postures continuously built stronger.

To the IT leaders who want to be “cloud first” but still have security concerns about public cloud applications, and who worry about controlling downloads and external sharing, I recommend evaluating your SaaS provider’s controls. Get in touch with a secure collaboration and file-sharing provider. They’ll help you implement your “cloud first” strategy for business collaboration in a safe and secure manner.

By Daren Glenister

Workforce Tech Talent

Is Remote Work Here To Stay?

Is Remote Work Here To Stay? For as long as I can remember there have been discussions about remote work and when that would become the reality for almost everyone on the planet. Tim Ferriss ...
AI and ML: Key Drivers to Building a Resilient Business

AI and ML: Key Drivers to Building a Resilient Business

The future is here. It’s 2021 and it’s already time for businesses to ready themselves for the new decade. The previous year has shown us that you have to be prepared for both expected and ...
Ronald van Loon

Operationalizing AI at Scale with ModelOps

Scaling with ModelOps Putting artificial intelligence (AI) into production can be a frustrating experience for organizations, one often destined for failure. In fact, only 53% of AI projects actually move past POC and into production ...
File Photo Of Facebook Ceo

533 Million Facebook Users Had Their Data Stolen and Leaked Online

Facebook Data Stolen and Leaked Online On Saturday, April 3rd, a user from a hacking forum published the personal data from more than 500 million Facebook users. The hacked and published data were available at ...
Gary Bernstein

5 Notable Proxy Servers Adding That Extra Layer Of Privacy

What’s A Proxy Server? A proxy server is a gateway between the user and the internet. This is an intermediary server that separates end users from the websites they browse. It’s completely legal to use ...

TECH ELEARNING

The CloudTweaks technology lists will include updated resources to leading services from around the globe. Examples include leading IT Monitoring Services, Bootcamps, VPNs, CDNs, Reseller Programs and much more...

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.