Even Companies With A "Cloud First" Strategy Have Lingering Security Concerns

Lingering Security Concerns

Considering the cost and time-to-market advantages of SaaS applications in particular, it’s no surprise that companies are looking to the cloud to meet their business objectives. But what happens when a ‘cloud first’ company must also put security and compliance first?

In a recent Bitglass survey report from a cloud access security broker (CASB), CIOs and other IT leaders shared their views on cloud computing and information security. More than half (55%) say their organization has adopted a “public cloud first” strategy in 2016. That is, when they are considering the use of new applications for managing their data, they will first see what’s available in the public cloud.

removing-cybercrime

While interest in SaaS applications is high, organizations looking at this option still have some security concerns. Respondents to the survey listed the following as their biggest cloud security challenges for 2016:

  • Controlling downloads of company data/information (36%)
  • Evaluating cloud security providers’ security controls (24%)
  • External sharing of company data/information (21%)

Many companies fear they will lose end-to-end control over their data records and informational documents once they go into a cloud application. IT leaders need to ask their SaaS (or CASB) providers some serious questions about what security measures can and will be applied as information goes into and out of the cloud application, as well as when it sits at rest in storage.

CIOs are disinclined to use cloud applications that offer minimal security. This is the very reason why the CASB market was born and has grown so quickly. CASB vendors provide organizations with a gateway application through which data flows on its way to/from SaaS applications in order to apply security mechanisms such as encryption or data loss prevention (DLP).

Security First, SaaS Second

Many SaaS applications have been built around rich features and functionality—but not on the premise of securing information throughout its lifecycle. Thus there are legitimate concerns about information being inappropriately downloaded to personal or mobile devices, put on an inherently insecure file share, attached to an email going outside the company, or accessed by an administrator for the cloud service provider. If there is even a hint of a possibility that one of these things may happen, the cloud solution may be ruled out by the CIO or CISO of an organization for lack of proper controls.

cloud-comic3

Many organizations are looking for a secure means to enable work collaboration and the sharing of highly sensitive documents both internally and externally with select business partners. There is no margin for error concerning the protection of their documents, but fears can be diminished by adopting the following:

  • Cloud providers must operate with the philosophy that security is the core and the file sharing and collaboration features are architected into it. Providers should also provide multiple levels of encryption and allow customers to own the keys if they desire it, By providing granular security on a file by file basis, security can also be embedded into each file for its entire lifecycle. Moreover, businesses’ solutions don’t need “bolted on” security mechanisms from third party providers like CASB vendors. Customers’ trust is sacrosanct, and should not be handed off to partners.
  • Cloud providers must allow their audit team to take an in-depth look at data center security practices, not just on paper. Teams should do an annual on-site visit to determine if a company’s security, privacy and data sovereignty controls and practices match their own. Once a company receives a final report after each assessment, customers’ concerns can then be addressed and security postures continuously built stronger.

To the IT leaders who want to be “cloud first” but still have security concerns about public cloud applications, and who worry about controlling downloads and external sharing, I recommend evaluating your SaaS provider’s controls. Get in touch with a secure collaboration and file-sharing provider. They’ll help you implement your “cloud first” strategy for business collaboration in a safe and secure manner.

By Daren Glenister

Gartner Predicts Public Cloud Services Market Will Reach $397.4B by 2022

Gartner Predicts Public Cloud Services Market Will Reach $397.4B by 2022

Public Cloud Services Market Will Reach $397.4B Worldwide end-user spending on public cloud services is forecast to grow 23.1% in 2021 to total $332.3 billion, up from $270 billion in 2020. Garter predicts worldwide end-user ...
Fahim Kahn

The 5 Biggest Hybrid Cloud Management Challenges—And How to Overcome Them

Hybrid Cloud Management Challenges The benefits of the cloud—reduced costs, greater IT flexibility, and more—are well-established. But now many organizations are moving to hybrid cloud management platforms. While hybrid clouds do offer a greater level ...
Tech

What is the Difference Between a VPS and a Cloud VPS?

VPS or Cloud VPS? While researching this article it became very apparent that there is a lot of confusion about the differences between VPS Hosting and a Cloud VPS. They are both Virtual Private Servers, ...
Cloud Based Accounting

How Cloud Has Changed The Modern Accounting

Modern Accounting The modern-day accounting has come a long way from the times when the financial information existed only on paper. Today, advancement in technology has transformed almost every aspect of the accounting industry. It ...
Machine

Machine Learning: The Importance of Actionable Data

The Importance of Actionable Data How awesome would it be to know for sure exactly what your customers want to see from your business? Imagine being armed with enough actionable data to be able to ...
Ronald van Loon

Cognitive Science + Data Science: Next-Gen Data Driven Marketing

Next-Gen Data Driven Marketing What are the psychological motivators driving customer purchasing decisions? The era of ubiquitous digitalization, advanced analytics, and big data is here. Yet marketers frequently grapple with obtaining information that answers critical ...