How to guarantee security in the cloud

​Cloud services can now touch every aspect of a business's operations and processes, offering improved flexibility, support, and regulatory compliance.

As a result, more organizations are using the cloud to store sensitive data – and with this comes more significant risk. 

According to Protecting Data in the Cloud, a 2019 Thales security study:

  •  70% of respondents find it more complex to manage privacy and data protection regulations in a cloud environment than on-premises.
  • Further, only 44% say their organization is careful about sharing sensitive information with third parties.

Let's understand why.

Less control over data 

Businesses are having to look beyond their technological ecosystems and consider how to stay secure when third parties have access to their sensitive data in the cloud.

This has become a growing problem for chief information officers (CIOs) who need to keep control of the data: the challenge is where and how.

For Frederic Faria, VP Cloud Operations for Thales' Digital Identity & Security business, this means working with public cloud vendors to define a model where responsibility is shared beyond the CIO.

 "It decreases the control that CIOs have on their data and IT workloads because they must accept or trust the public cloud security contribution," says Faria.

The flexibility of the cloud to allocate resources means that stricter control is needed on who can access and use these resources.

"As such, CIOs must reinforce access control and security policies," Faria explains.

Increased exposure of data is one thing, but on which side lies the responsibility?

Who's really in charge?

Despite cloud services expanding, the required security protection isn't advancing at the same rate.

Research from security management firm FireMon concludes that:

  • 60% of organizations are not adequately consulting security staff when cloud services are being deployed or expanded.
  • Further, in 44% of cases, teams outside of the security organization are responsible for the cloud's security. 

"In large and complex enterprise environments, budget constraints, lack of clarity around which team is responsible for cloud security, the absence of standards for managing security across hybrid cloud environments are impairing organizations' ability to secure their cloud business initiatives," explains FireMon Vice President of Technology Alliances Tim Woods.

So, how do we move forward?

How do we secure the future of the cloud?

With concerns being raised around current cloud security measures, service providers are investing in security services.

"They have understood that CIOs need to have the proper security posture and governance over the data that is in the cloud," says Faria, adding that while CIOs will be using more security services from cloud providers, they will want to keep overall control over cloud security.

The benefits of the cloud bring an expanding boundary within which organizations need to defend their assets.

Using the latest security tools, therefore, needs to be a top priority driven by the C-suite.

The result?

This awareness will encourage an environment where qualified cybersecurity staff stands alongside a cluster of eager cloud service providers. The flexibility, support, and compliance offered by the cloud will be balanced with confidence in the level of security that accompanies it. 

Related contents: