With cloud adoption continuing to soar, many organizational leaders are considering the issue of cloud security. Virtually all cloud providers will assert that their solutions are more secure than the average on-premise security platform. Should decision makers believe them? Is any cloud security solution secure enough?
The reality is that when properly configured, secured, and managed, cloud environments can be more secure than most on-premise systems. And, while cloud platforms do not necessarily come with comprehensive built-in security, organizations can work with a security-focused provider to enhance cloud security to meet their level of risk tolerance.
Furthermore, assuming data is secured with an appropriate level of protection, location is rarely the biggest factor in security. At every level, one of the greatest threats to any system or data pool is human nature. Even with the cloud, that remains true.
In a recent survey of 2,200 global security professionals conducted for a cloud security report, more than half said that unauthorized access through misuse of employee credentials was one of the biggest threats to cloud security. A third of them reported that external sharing of sensitive information was the greatest threat.
How does an unauthorized individual gain access to employee credentials or acquire sensitive information? Most commonly, a human shares it—or leaves it in an insecure location—whether it’s a sticky note on a coffee shop table or a poorly secured thumb drive dropped in the parking lot.
Focus on What Matters
Security experts have conceded that it is impossible for any organization, no matter how big or well-funded, to thwart all attacks. Storing assets in a secure cloud may protect them while in that environment, but it won’t help them when they leave it. For that reason, we recommend that organizations focus on ensuring the most rapid threat response and mitigation they can afford, up to their level of risk tolerance.
For example, a business owner that stores sensitive data but is not subject to compliance mandates might be content with stringently securing only the subset of data that is sensitive. A company that operates under regulatory scrutiny would have to be far more cautious.
Some cloud providers will help an organization determine its level of risk tolerance and then make a recommendation for the appropriate assets that should be secured in a compliance-grade cloud. Many will also perform assessments and audits to help identify where and how assets are located so they can be transitioned to the cloud environment.
In many cases, organizations achieve the most “secure” solution working with a well-rounded provider that offers both cloud environments and security assistance. Firms like these can suggest key security improvements in other areas, such as implementing a more robust backup solution to minimize data loss if assets are stolen or ransomed. The most competent providers will have the technical know-how to perform gap analyses (along with any other necessary security assessments and tests) to identify security gaps in existing systems, policies and procedures.
In other words, the most “secure” cloud provider is often the one that can look at the organization’s security needs holistically, and not simply from a cloud perspective. Such a provider is also committed not only to providing security but also to helping customers define precisely what they need—and how much they should spend to achieve a suitable outcome.
Cybersecurity is a grave concern in today’s threat-laden marketplace, but business owners must recognize and address the weaknesses within their own walls before any cloud solution can give them the protection they need.