Article

5 key steps to securing data in the cloud

The importance of a security mind-set and actions that help reduce risks when working with cloud solutions

Cloud computing has completely changed the way businesses — and their consumers — store and access data. It has become the de facto platform for fuelling digital transformation and modernizing IT portfolios.

Gartner predicts the global public cloud services market is projected to reach about $206 billion in 2019, from $145 billion in 2017. RightScale's 2018 survey report suggests that most enterprises procure cloud services from two or more vendors, a trend that will gain traction in 2019.

Whether customers are working with Amazon Web Services (AWS) as their preferred cloud platform, looking at Microsoft Azure platform or experimenting with Google’s Cloud Platform for applications, these studies have made it clear that companies are increasingly finding that migrating their IT systems to the cloud promises reduced costs, increased productivity and a more agile business. But cloud services are not without their challenges. The emerging risks that come with the increased speed, scalability and volume of data involved, mean that care must be taken when selecting the right cloud vendor.

Whatever cloud service categories - Software As A Service (SaaS), Platform As A Service (PaaS) or Infrastructure As A Service (IaaS) or any of the deployment models (Public, Private, Hybrid or Community cloud environments) - the concern over data security is a core business issue which has made cloud security a priority for many organisations looking to migrate to the cloud.

What about Security?

Every business has unique needs when it comes to cloud services and regardless of which category or deployment model, security and compliance is a big concern. Even though there is a shared responsibility between a cloud vendor and an organisation to determine who assumes responsibility and management for different security tasks in a cloud environment, the customers’ responsibilities generally increase as they move from SaaS to PaaS to IaaS. Organisations should carefully consider the services they choose as their security responsibilities vary depending on the services used.

Security Issues with the Cloud

Cloud computing is the best solution for most businesses as it is affordable, efficient, and scalable- but it can still leave you vulnerable if the proper precautions aren't taken.

Some of the most common cloud computing security risks include:

  • System Vulnerabilities
  • Violation of regulatory controls
  • Shared Cloud Computing Services
  • Data Loss and Inadequate Data Backups
  • Phishing and Social Engineering Attacks
  • Insider threats due to Employee negligence/mistakes

Cloud Security Myth

It isn't enough to cross your fingers and hope that a security breach doesn’t happen in your organisation. Due diligence is key. Many companies assume their cloud security risks are covered because they have a contract with a vendor, a vendor management process on shared responsibility, or receive a Service and Organisation Controls (SOC) report. This can lead to companies losing sight of managing what they have in the cloud and other key risk areas. A more holistic approach is necessary to effectively manage cloud risks.

The Security Mind-set

There are 5 key steps organisations can take to align cloud solutions with compliance demands whilst managing the risks involved with cloud platforms. This will help in securing the business from threats and allow them to enjoy all of the benefits that cloud computing provides.

1. Start early

A lot of organisations try to manage cloud risks after they have implemented a solution, adopting reverse engineering and applying controls when risks become apparent. However, if you build your cloud solution with a security mind-set from the start, you will likely be exposed to less risk, operate more efficiently and build more effective business relationships.

2. Do the Basics

Set up a risk management process and complete a risk assessment. Organisations will need to set up a process to help identify critical cloud assets, be able to identify vulnerabilities and the associated risks to those assets.

3. Begin with a standard

When implementing a cloud solution, it is always best to begin with a framework to help guide your risk practices. Several standards are available and our recommendation is to align with best practice frameworks such as Cyber Essentials and ISO 27001:2013 which is the gold standard of best practices for managing information safely and securely. These standards can give you a holistic view of all the risks associated with the cloud.

4. Educate your employees

Security awareness training is a massive concern among IT professionals when dealing with security management. Ensure employees understand how to quickly spot cyber threats and what to do when they come across them.

5. Get the right help

There are many companies who do not have the necessary skills in-house to properly identify and manage cloud risk and compliance challenges. In such situations, whether you’re thinking about moving to the cloud or already using it, an experienced and trusted advisor can provide supplemental resources and practical advice throughout your cloud journey, from technical insights about the cloud’s evolution to IT governance and compliance.

Cloud is a moving target

With the introduction of new cloud features and changes to computing innovations, your risk posture could change quickly based on the cloud's rapid evolution, so you need to stay on top. Monitoring and testing compliance adherence is a 24x7 job.

Wrap up

When it comes to cloud computing, it’s better to be safe than sorry. Before transitioning data and business applications to the cloud, you must ensure that you understand your risk and compliance environment and have the right level of support to avoid any potentially harmful risk exposures.

Implementing the proper security measures mitigates massive risks that could harm your business. Use the informative statistics and best practices we’ve shared to reduce risk to your business, protect yourself against threats, achieve cyber resilience and develop a competitive advantage.

Hear Andy Bates, Lead Consultant in AEC and Dan Burrows, Executive Transformation Consultant speaking at DCW 2019

17 October 2019 , ExCel London

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we'll assume that you are happy to receive all cookies. However, you can change your cookie settings at any time. For further information about how we use cookies and how to change your settings, please read our Cookie Notice

I'm fine with this