How to keep your cloud safe

In the past several years, cloud adoption has grown rapidly. The latest studies reveal that cloud adoption in the UK now stands at 84 per cent with companies using at least one cloud service.

As investments in the cloud increase, so do concerns regarding security and the risks associated with storing sensitive information on cloud platforms. So what security essentials should a company consider when storing data in the cloud?

Cloud security starts with the same three ‘pillars’ as internal network security: confidentiality, integrity and availability. Yet, businesses need to recognise that the cloud stretches these three pillars in new ways. For example, there is a greater attack surface whatever the delivery model.

[easy-tweet tweet=”Private #cloud is the most secure, it doesn’t compromise company policy but it’s expensive to do right.” hashtags=”business”]

Private cloud is the most secure, it doesn’t compromise company policy but it’s expensive to do right. Community cloud involves shared infrastructure with unified security, compliance and jurisdiction requirements, although it can be restrictive. Public cloud is flexible from an adoption perspective, but you have to accept the policies of the service provider. Finally, hybrid cloud combines all these aspects, although success depends on the eventual service choice (x-as-a-service).

Once you have identified the architecture that fits your requirements, there are further questions to ask. Are you able to answer the following with confidence?

  • What are the controls on privileged administrators and how are they supervised?
  • Where is data held? How is it held (encrypted/resilient/high availability)?
  • Will legal obligations to protect company data be impacted if the provider has a distributed architecture (i.e. multiple data centres across different countries)?
  • What about backup and archiving?
  • What is the provider’s viability? Any probability of company failure or acquisition?
  • Does the cloud solution integrate with the company’s IT infrastructure?
  • Will the workforce be affected by how they access data?
  • Certifications – who audits them and how frequently?
  • Does the provider have disruption provisions against attacks, business continuity or disaster recovery?

One point businesses must be aware of – data security remains their responsibility. It is not transferred to the provider. No single security method will solve every data-related problem, so multiple layers of defence are critical, from access control, system protection and personnel security, to information integrity, network protection and cloud security management.

As well as hackers targeting a specific cloud service or corporation, companies must also take into consideration the risks posed by employees. A research released by Experian showed that 60 per cent of security incidents were caused by the employees; this risk is exaggerated further by staff working remotely or the use of personal mobile devices to access sensitive materials outside of the company network. Consequently, organisations need to implement a strong security and awareness strategy that includes acceptable usage policies for the employees, enabling them not only to improve their cyber security behaviour, but to become true custodians of the company’s sensitive data, cloud or no cloud.

[easy-tweet tweet=”it is critical to make sure that #cloud infrastructure and disparate applications are integrated” hashtags=”business”]

Finally, it is critical to make sure that cloud infrastructure and disparate applications are integrated, yet independent from each other so that the impact of any compromise or breach can be contained. This is a crucial step to securing the cloud across a business.

+ posts

Meet Stella


Related articles

How to add AI to your cybersecurity toolkit 

A successful implementation of AI in cyber defense requires a solid data governance system, reimagined incident response frameworks, sufficient talent and expertise to manage the new system, and established documentation practices.

The Metaverse: Virtually a reality?

Metaverses have the potential to enable virtual worlds to expand beyond the gaming genre to encompass all manner of social and commercial activities.

Cybersecurity and Cloud: A Look Back at 2022 and What to Expect in 2023

Businesses are continuously reassessing their resources and options to fill their tech stack. In this competitive digital landscape, the innovative use of technology will be something that would generate a competitive advantage for organisations.

Shopping for Data: Ensuring a seamless user experience 

This combination can drive a business’s data culture and provide a structured approach for businesses to benefit from data intelligence across their operations, with only a few clicks.

Unveiling the Top 10 Cybersecurity Threats to Watch Out for in 2023

As technology advances, so do cybercriminals' methods to gain unauthorised access to sensitive information. With the increasing reliance on technology in both personal and professional settings, it is crucial to stay informed about the top cybersecurity threats to watch out for in 2023.

Subscribe to our Newsletter