At first cloud computing and cyber security look like they are not related to each other. However, we can see that they are related and the reason behind it is that the first requires storing your data off-site and the second requires building virtual walls around it, protecting your data at all costs. Cloud computing means outsourcing, trusting a vendor to keep your data and transactions safe. Cyber security means keeping it all close, trusting the staff, procedures and protocols to do the job.
Cloud Security is the new Cyber Security
With every passing year, the number of businesses migrating to the cloud increases--and the number of cyberattacks increases, as if keeping pace. By end of 2018, almost 96 percent of organizations started using cloud computing in some way, according to CIO.com. At the same time, cyberattacks were on the rise, with almost twice as many ransomware attacks in 2017 (160,000) as compared to the previous year (82,000). And those are only the reported attacks, nor do those numbers include data breaches or denial-of-service attacks. Obviously, as cloud computing becomes the norm, cloud security must as well. Learn more about: Software security testing
Below are the five things one should know about cyber security that will help you understand it better.
- The organization is ultimately responsible for the security of the data and transactions. Cloud vendors know they must do their cyber-security part, but in the end, if a customer’s data is compromised, it is the organization that will have to answer to that customer or pay the fine. Similarly, if an organization falls victim to a ransomware attack, it is the organization that must pay the hacker. This means that just because you’re using cloud computing, you can’t let your guard down. According to one source, two common causes of data breaches in the cloud are misconfigured access restrictions on storage resources and forgotten or improperly secured systems, both of which are the responsibility of the organization, not the cloud vendor. You must still make cyber security one of your highest priorities, ensuring you have trained staff and that your staff stays current on the latest threats and predictions.
- Cloud vendors are working to increase security and make it easier for businesses. Cloud vendors have already invested enormous resources in their own products’ security. When the major players include Amazon (Amazon Web Services), Microsoft (Azure), and Google (Google Cloud Platform), you can be rest assure that the security has been one of the highest priorities. And now vendors have focussed attention to help their customers improve security. For example, as summarized in an article at Forbes.com, Google offers a Cloud Security Command Centre that acts like a scanner to look for vulnerabilities, and both Amazon and Microsoft have built applications and infrastructures to help. If you’re in doubt about how well you’re securing access and data on your end, approach your vendor for help.
- Cloud Computing could improve Security. Sometimes cloud computing offers a security solution. Small to medium size businesses are particularly vulnerable to cyberattacks such as ransomware because they don’t have or haven’t spent the resources to improve their cyber security. Moving to the cloud could improve their overall security, because the cloud vendors—as described above—have some of the toughest security in the IT space. In fact, some argue that moving data to the cloud is more secure than keeping it on-site, although that can be hard for some IT managers to accept, given their natural inclination to keep data where they have the most perceived control over it.
- Cloud security is an even bigger issue with GDPR. In May of 2018, the General Data Protection Regulation (GDPR) became enforceable. Although it applies to residents of the European Union (EU) and European Economic Area (EEA), it has far-reaching effects for organizations all over the world because the citizens of these areas often do business with entities outside of these areas. Post GDPR, those entities and organizations must make sure their data practices comply. Although the best way to ensure compliance is through legal counsel, in general, this means both the cloud vendor and the cloud customer must follow data protection practices. For businesses that use a multi-cloud solution, with more than one vendor, each solution must also comply.
- Cloud security is already affected by the Internet of Things (IoT). Despite all the progress made in securing cloud solutions, data centres and network infrastructures, we are on the verge of undoing a lot of that progress due to the Internet of Things (IoT). With the explosion of IoT devices comes an explosion of security vulnerabilities, because these devices often don’t have the level of security they should.
Cloud Computing is the future, there is no doubt about that, and cyber security will continue to be critical—there’s no doubt about that either. Taken together, one can see how cloud security is the next evolution in IT as the volume of data increases along with the risks, and regulations like GDPR make security enforceable while emerging IoT technologies undo it. It’s like a foggy forest with no clear path through it, at this point. So, stay on top of your cloud security by staying informed, ensuring you or your staff are educated, and continuing to have a healthy level of distrust, or, as a military friend likes to say, “Trust but verify". Read the case study: Jade Global Provides Clear Path for New Cyber Security Spinoff through Large-Scale Salesforce Data…
About the Author
Mahendra Padalkar serves as Principal Solution Architect for Jade Global’s Technology Services practice. He sits in Jade Global’s Pune, India office and can be reached at firstname.lastname@example.org
For further questions or information about Jade Global’s technology services, email email@example.com