Of all the reasons some businesses are hesitant to move more aggressively into the cloud, security concerns have long topped the list. Every day seems to bring news of another massive data breach involving a high-profile company.
But here’s the thing: When it comes to data breaches, the cloud is not the problem. Businesses’ own inadequate security technologies and practices, whether in the cloud or on-premises, leave data vulnerable to attack by today’s smart, tenacious hackers.
More IT leaders are realizing the cloud is no less secure than their own onsite data centers, and that its use is increasingly necessary in a world where data volumes are exploding. Consequently, 91 percent of companies are now in the cloud — and of those, 29 percent say that most or all of their systems are cloud-based — according to a survey by CompTIA.
While moving to the cloud doesn’t make your data less safe, it doesn’t necessarily make it safer either.
How to Secure Data When Moving to the Cloud
Who’s responsible for what? Some businesses believe that simply moving to a reputable cloud provider means their data will be secure. And while it’s true cloud vendors such as Google and Microsoft have much greater security expertise than the average small business, and are certified compliant with federal data governance standards, security in the cloud often comes down to properly configuring the security controls the vendors offer, as well as general data security hygiene.
Ron Zalkind, CTO of Cisco Cloud Security, explained that cloud has a “shared responsibility model. With cloud, where you leverage someone else’s data center, you now have less direct responsibility for security for that infrastructure. So, you need to have service-level agreements in place.” But customers, he said, are typically responsible for “firewalls, patching operating systems, deploying software free of vulnerabilities, and network access control.” Make sure you know what your cloud providers are responsible for — and what you are — when it comes to security.
What’s your backup plan? Some businesses think that because their data is in the cloud, backing it up isn’t necessary. That’s not true. Ensuring that your data is properly backed up is critical, no matter where it is. In fact, one of the advantages of a multicloud strategy is to reduce the risk of widespread data loss or downtime due to a failure in one cloud-computing environment.
How is your data accessed, and by whom? Data access control is the responsibility of the data owner, not the cloud platform provider. If your company has not put in place proper access controls, if it is not taking good password hygiene seriously and is not yet utilizing multifactor authentication for remote users, then your data is at risk.
Is your data encrypted? Ensuring your data is encrypted in the cloud is essential for its protection. Yet encryption is an underutilized tactic despite its proven effectiveness at bolstering data security. Because of the increased costs associated with data encryption, some cloud providers limit their cloud encryption services, and some businesses choose to encrypt their own data on-premises before it is moved to the cloud. Make sure you understand how your cloud providers are handling data encryption.
Have you tested the strength of your security? Whether your data is in the cloud, on-premises or both, until someone actually tries to hack it, it’s hard to be certain how good your security protocols really are. A comprehensive security assessment, such as the one offered by CDW, will include white hat hackers using the same tools and techniques deployed by cybercriminals to access your data. The difference is, instead of losing your data or being hit with a ransomware attack, you’ll get a report on where your vulnerabilities are and help in patching them. In other words, you get the lessons learned from a hack, without the pain.