How to guarantee security in the cloud

​Cloud services can now touch every aspect of a business' operations and processes, offering improved flexibility, support and regulatory compliance. As a result, more organizations are using the cloud to store sensitive data – and with this comes bigger risk. 

According to Protecting Data in the Cloud, a 2019 Thales security study, 70% of respondents find it more complex to manage privacy and data protection regulations in a cloud environment than on-premises. Further, only 44% say their organization is careful about sharing sensitive information with third parties.

Sharing responsibility 

Businesses are having to look beyond their own technological ecosystems and consider how to stay secure when third parties have access to their sensitive data in the cloud. This has become a growing problem for chief information officers (CIOs), who need to keep control of the data: the challenge is where and how.

For Frederic Faria, VP Cloud Operations for Thales' Digital Identity & Security business, this means working with public cloud vendors to define a model where responsibility is shared beyond the CIO.

 "It decreases the control that CIOs have on their data and IT workloads because they must accept or trust the public cloud security contribution," says Faria.

The flexibility of the cloud to allocate resources means that stricter control is needed on who can access and use these resources. "As such, CIOs must reinforce access control and security policies," Faria explains.

Threats to security

Despite cloud services expanding, the required security protection isn't advancing at the same rate. Research from security management firm FireMon concludes that 60% of organizations are not adequately consulting security staff when cloud services are being deployed or expanded. Further, in 44% of cases, teams outside of the security organization are responsible for the cloud's security. 

"In large and complex enterprise environments, budget constraints, lack of clarity around which team is responsible for cloud security and the absence of standards for managing security across hybrid cloud environments are impairing organizations' ability to secure their cloud business initiatives," explains FireMon Vice President of Technology Alliances Tim Woods.

Securing the future of the cloud

With concerns being raised around current cloud security measures, service providers are investing in security services. "They have understood that CIOs need to have the proper security posture and governance over the data that is in the cloud," says Faria, adding that while CIOs will be using more security services from cloud providers, they will want to keep overall control over cloud security.

The benefits of the cloud bring an expanding boundary within which organizations need to defend their assets. Using the latest security tools, therefore, needs to be a top priority driven by the C-suite. This will encourage an environment where qualified cybersecurity staff stand alongside a cluster of eager cloud service providers, and the flexibility, support and compliance offered by the cloud will be balanced with confidence in the level of security that accompanies it. 

Related content: Cybersecurity tops business agenda