Every day in offices around the world, companies are adopting a cloud-based strategy. And how can you blame them? Moving applications and services to the cloud offers technological flexibility, cost savings, and convenience for both employees and customers.
Now, it might be odd coming from a company that sells cloud services, but we believe that there’s also a downside to all of this cloud business. The problem: the cloud can open up data security issues, a topic that often gets lost in the weeds in the rush to move to the cloud.
And since we discuss cloud services literally each day, with both clients and prospects, we’re well aware of the challenges involved in managing security and compliance with this technology. Part of the problem is that all security provided by cloud vendors is not of equally high standards.
Interestingly, the majority of people we talk to – again, both clients and prospects – express confidence that cloud security vendors actually provide equal or superior security than what’s on-site. These people recognize that their companies themselves are at fault, and understand that the situation can be corrected by developing strategies that consider the technical and governance aspects of security.
A key part of these strategies is overcoming the shortage of staff with cloud security expertise. There just aren’t enough skilled security people for all of the companies adopting the cloud. It’s a big problem, and in our estimation solving it should get priority over other concerns like budgets for cloud breach detection and cloud analytics. It’s a big problem because security is a 24/7 operation that requires constant adjustments and proactive measures.
Another cloud security challenge comes in the form of the increasing adoption of agile IT service delivery models. These days, security departments must manage more software than before, straining an already limited resource. For companies in this situation, we recommend that they automate firewall configuration, privileged account management, and other vital security services.
You may also be familiar with application containers and microservices architectures, which can greatly improve security. Containers reduce the attack surface and allow for increased application component segmentation. However, the benefits also come with some risks, since a cloud-based container environment is difficult to track with traditional security. You can’t guarantee a proper security configuration.
We will keep promoting the cloud, helping companies see the technical benefits and overseeing successful implementations. But as responsible business people, we also want our prospects to understand that every decision has ramifications.
The cloud is not a panacea from a security perspective. Before deciding to adopt it, be sure you have the right security personnel and policies in place.