The reality that all kinds of business data is now stored, managed, accessed and maintained in the cloud is inescapable, but is security still hampering the adoption of true utility cloud-based computing? Nathan Johnston, Solutions Architect at Memset, explores.
Businesses are relying on cloud services more than ever, as they tend to be more convenient and often cheaper than alternatives. However, as businesses have increased their dependence upon cloud services, so too have the malicious actors that follow the data and computing resources to the cloud.
There is no escaping the headlines about significant data breaches experienced by large organisations like Yahoo and LogMeIn, which, together with the discoveries of NSA and government breaches, heighten concerns about the security risks traversing the internet. Cyber security breaches have become an endemic problem in modern society and business.
Cyber security is a growing concern all round, so much so that the impact of cyber security attacks is now being tracked and assessed at a national level by the UK Government. Such threats are considered to be equal in risk to the UK to international terrorism and global military conflict, according to the National Security Strategy. Ongoing concerns about security issues, such as access to data, geographic location of sensitive data, compliance, and visibility into organisations’ public and hybrid cloud environments, continue to hinder the adoption of the cloud for many businesses.
While we in the cloud industry are reassured by survey results showing that the majority of businesses that have adopted the cloud have found security is not an issue, with many stating that security has improved, some companies remain sceptical.
Good security practice is now an absolute requirement to have a sustainable business and a competitive edge in most national and international markets, but this doesn’t have to be at the cost of efficiency, expense or agility. Regardless of the size and type of your organisation, there are actions you can take.
The issue underlying most of this apprehension is a lack of visibility into an organisation’s cloud environment, which signals a loss of control. Whilst this is a real concern, it is equally important to remember that the relationship that exists between a cloud service provider (CSP), like Memset, and its customers incorporates a shared responsibility for security: although the CSP maintains strong security and compliance controls across its entire infrastructure platform, the customer is responsible for anything they manipulate on the cloud platform.
This is one of the primary challenges of using cloud resources: acknowledging that the services offered by cloud providers establish a shared responsibility between the cloud provider and the cloud user. Both the cloud provider and the user must be aware of system and data security to prevent a security breach. And in the event of a risk being identified, it is illogical to automatically assume the fault lies with the CSP. With many of the major cloud security breaches, reports tend to name-drop the well-known, multi-million-pound service providers as being at fault, when in fact such devastation is usually the result of hackers managing to figure out the network credentials of a third-party vendor.
Equally, focusing on technology rather than the issue can add to the chaos of a security risk. With the adoption of hybrid cloud solutions becoming the norm, critical information is likely to be siloed in different areas of the organisation’s storage solution. While we’ve come some way in centralising company data that previously had to be continually transferred between departments and companies, a central data repository adds some other security considerations.
Hackers want their exploits to have a greater impact, so they tend to attack the central repositories of data that are available. Even organisations that take data protection seriously and institute sound policies for implementation can still be caught out, especially if they are growing through the acquisition of smaller entities and incorporating them into their information system. In this process they lose sight of some server on the network that does not have the same level of protection as the other servers on the system, thereby leading to a major compromise. Thus, movement of data out of the central repository should be monitored at all times.
Essentially, if CSPs and customers work closely together with the same goal, their IT infrastructure can help create governance rules and policies accordingly, enabling business users and data scientists to find, understand and trust the data they need to fuel critical insights.