Do you have a cloud IT strategy?
Or are you still performing all IT functions in-house with your own staff?
And if you do have a cloud strategy, do you intend to have your current staff plan and implement that on top of their current workload? Do they have the skills needed – especially when it comes to security?
If you're reading this, you're probably at least thinking about cloud adoption – 90% of companies are in some stage of cloud adoption. 76% of organizations have deployed, are implementing, or are piloting a cloud solution. 14% are in the planning stages. Only 10% have no plans at all (if you're one of those, you should reconsider!).
The benefits are obvious: flexible capacity and scalability, improved availability, business continuity, reduced costs and complexity, and regulatory compliance.
Despite the fact that cloud providers often operate in a more secure environment (read Cloud Backup: More Secure Than In-House), security risk continues to be the number 1 barrier to the cloud. A close second is a lack of staff or staff expertise to manage any security issues in the cloud (I've written about the cybersecurity hiring shortage in One Looming Cybersecurity Risk – No Cybersecurity Staff).
Access: A Major Cloud Security Challenge
Of course, you should be concerned with cloud security. Here are the top three major security challenges that concern business:
Those are concerns for in-house systems too.
Ironically, the top security threats aren't technology-related, they're people-related:
Hijacking of accounts, services, or traffic
External sharing of data
Loose password policy, a security policy that isn't followed, and users having their accounts hacked with phishing emails are some of the employee-caused actions that can allow a cloud system to be hacked.
If you look at the list, three of the top five cloud security threats aren't related to IT at all.
A Few Cloud Security Tips
If you outsource to an IT managed services partner – for cloud data backup, for example – you must remember that it's still your data and you remain liable for securing your information (with help from your managed services partner of course!).
Before you sign with a partner, be sure they have demonstrated a redundant infrastructure with geographically dispersed data centers to ensure continued operation in the case of a disaster. Ask them about their business continuity plan to ensure continued access to your data.
For backup and storage information security, providers who adhere to National Institute of Standards and Technology (NIST)-certified encryption standards ensure data is encrypted on your site before transmission to the cloud and remains encrypted. No one else has access to your information because there's a single key to the encryption that only you have. The Advanced Encryption Standard and FIPS 140-2 are a third-party validation and indication that a cloud service provider adheres to the most robust encryption standards currently available.
Have a service level agreement (SLA) with your provider to establish mutually agreeable operational levels and expectations – including for security. Related to security and control, SLA terms could include expectations for being alerted to security lapses for the cloud provider's other clients and expectations for insight into your data.
Before you store your data in the cloud, assess the sensitivity of the data you are considering placing there. If the data needs to comply with regulations such as HIPAA, have your cloud partner show you that their systems comply so that you aren't out of compliance.
Your information is as secure, if not more secure, in the hands of an outsourced cloud partner. Regardless of whether you decide to DIY or engage an IT service provider to provide cloud IT support, don't let concerns about security stop you.
Stats from Cloud Security 2017 Spotlight Report by Cloudvisory.