Daren

Even Companies With A "Cloud First" Strategy Have Lingering Security Concerns

Lingering Security Concerns

Considering the cost and time-to-market advantages of SaaS applications in particular, it’s no surprise that companies are looking to the cloud to meet their business objectives. But what happens when a ‘cloud first’ company must also put security and compliance first?

In a recent Bitglass survey report from a cloud access security broker (CASB), CIOs and other IT leaders shared their views on cloud computing and information security. More than half (55%) say their organization has adopted a “public cloud first” strategy in 2016. That is, when they are considering the use of new applications for managing their data, they will first see what’s available in the public cloud.

removing-cybercrime

While interest in SaaS applications is high, organizations looking at this option still have some security concerns. Respondents to the survey listed the following as their biggest cloud security challenges for 2016:

  • Controlling downloads of company data/information (36%)
  • Evaluating cloud security providers’ security controls (24%)
  • External sharing of company data/information (21%)

Many companies fear they will lose end-to-end control over their data records and informational documents once they go into a cloud application. IT leaders need to ask their SaaS (or CASB) providers some serious questions about what security measures can and will be applied as information goes into and out of the cloud application, as well as when it sits at rest in storage.

CIOs are disinclined to use cloud applications that offer minimal security. This is the very reason why the CASB market was born and has grown so quickly. CASB vendors provide organizations with a gateway application through which data flows on its way to/from SaaS applications in order to apply security mechanisms such as encryption or data loss prevention (DLP).

Security First, SaaS Second

Many SaaS applications have been built around rich features and functionality—but not on the premise of securing information throughout its lifecycle. Thus there are legitimate concerns about information being inappropriately downloaded to personal or mobile devices, put on an inherently insecure file share, attached to an email going outside the company, or accessed by an administrator for the cloud service provider. If there is even a hint of a possibility that one of these things may happen, the cloud solution may be ruled out by the CIO or CISO of an organization for lack of proper controls.

cloud-comic3

Many organizations are looking for a secure means to enable work collaboration and the sharing of highly sensitive documents both internally and externally with select business partners. There is no margin for error concerning the protection of their documents, but fears can be diminished by adopting the following:

  • Cloud providers must operate with the philosophy that security is the core and the file sharing and collaboration features are architected into it. Providers should also provide multiple levels of encryption and allow customers to own the keys if they desire it, By providing granular security on a file by file basis, security can also be embedded into each file for its entire lifecycle. Moreover, businesses’ solutions don’t need “bolted on” security mechanisms from third party providers like CASB vendors. Customers’ trust is sacrosanct, and should not be handed off to partners.
  • Cloud providers must allow their audit team to take an in-depth look at data center security practices, not just on paper. Teams should do an annual on-site visit to determine if a company’s security, privacy and data sovereignty controls and practices match their own. Once a company receives a final report after each assessment, customers’ concerns can then be addressed and security postures continuously built stronger.

To the IT leaders who want to be “cloud first” but still have security concerns about public cloud applications, and who worry about controlling downloads and external sharing, I recommend evaluating your SaaS provider’s controls. Get in touch with a secure collaboration and file-sharing provider. They’ll help you implement your “cloud first” strategy for business collaboration in a safe and secure manner.

By Daren Glenister

Daren Glenister

Daren is the Field Chief Technology Officer for Intralinks. Daren serves as a customer advocate, working with enterprise organizations to evangelize data collaboration solutions and translate customer business challenges into product requirements.

Glenister brings more than 20 years of industry experience and leadership in security, compliance, secure collaboration and enterprise software, having worked with many Fortune 1000 companies to turn business challenges into real-world solutions.

A.I. is Not All It’s Cracked Up to Be…At Least Not Yet!

Exploring AI’s Potential: The Gap Between Aspiration and Reality Recently Samsung releases its new Galaxy [...]
Read more
Frank Suglia

Forecasting Cloud Trends in 2024

The past few years have rapidly accelerated cloud adoption and impacted the overall IT landscape. [...]
Read more
Gilad David Maayan

Azure Free Tier vs. AWS Free Tier: Which Provides More Value?

Cloud computing has become a cornerstone for the digital transformation of businesses. From startups to [...]
Read more
Derek Pilling

Reframing Lock-in in the Era of Data-Driven Transformation

Breaking Boundaries: Redefining Lock-in in the Data Era The business imperative to drive better decisions [...]
Read more
Randy

Gain Critical AI Insights: The Oxford Artificial Intelligence Programme

Acquire Essential Skills for Success in the AI Industry The expansion of online learning within [...]
Read more

SPONSOR PARTNER

Explore top-tier education with exclusive savings on online courses from MIT, Oxford, and Harvard through our e-learning sponsor. Elevate your career with world-class knowledge. Start now!
© 2024 CloudTweaks. All rights reserved.