One of the biggest misconceptions regarding the cloud is that you can rely on the cloud provider service to protect your business, your data and everything else your firm holds dear.
Take a minute to think about your own home security system. Do you just lock the doors with the key and head off to work, fully secure that your valuables will still be there when you get back? Not likely. Many of us have at least a simple alarm system in place on doors and windows. More and more people are heading toward the latest trends in home security: motion sensors, 24-hour video cameras, remote door answering, etc.
Why does securing your cloud matter? Three enormous reasons:
- Your cloud provider is only managing part of your security.
- Cloud security lowers the risk of data breaches.
- The minimum level of security compliance should never be enough.
Your security vs. cloud security
Let’s talk about your security against the cloud service provider’s security. The provider has specific language in any contract it signs with you concerning what it is and isn’t responsible for if there is a security breach. In its 2016 “Cloud Adoption & Risk Report,” SkyHigh Networks reported that the average user in an organization employed 36 different cloud services at work. That’s 36 potential security breach points into your cloud and 36 ways for information to leak out. By introducing all of the apps you need to make your business run to your cloud environment, you must take on the responsibility of ensuring that they are only serving their necessary capacity when analyzing and manipulating the data stored in your cloud.
It is integral that you manage all of your cloud-based applications and treat them all as security risks until the day you can scratch them off that list. The old days of hiring a third-party app to plug-and-play into your network are long gone. Your best way forward should be with a Security-as-a-Service (SECaaS) solution. Just like your infrastructure, software and your share of the cloud itself, SECaaS is the scalable solution that can handle your growth but also downgrade in the event your business shrinks. Even an in-person, onsite IT expert is not available 24 hours a day, 7 days a week, but a SECaaS is. The service can deploy solutions instantaneously when problems or suspicious activities arise, unlike in a traditional setting where everyone is waiting around for the IT professional to respond to a call for help.
The high price of data breaches
As for breaches, a 2016 study showed that the estimated cost of a data breach for a company is US $4 million. If your company has an extra $4 million lying around, by all means don’t fret about your cloud security. That figure might seem high at first glance, but there’s far more at work here than merely a loss of data or intellectual property. When you take a public data breach, word travels fast. Your best employees will be more receptive to offers from competitors. Your recruitment will suffer as those entering the workforce and those seeking to switch employers will take a lot harder look at what sort of company gets breached and what kind of company they’re looking to work for. And last but not least is the impact your data breach will have on your company’s public perception. The public has an incredibly long memory when it comes to embarrassing incidents for public companies. Don’t believe it? Fast-food giant Jack in the Box had a scare with mislabeled meat in 1981, and 37 years later, it’s still one of the top Google results for the restaurant chain.
Nobody wants the minimum
You didn’t get into business to do the bare minimum when it comes to protecting your assets and your customers’ information. No salesman has ever told a customer that he’d do the absolute least amount of work he could to get the customer’s business. The same excellence you strive for in taking command of your market and maximizing your profits should be applied to keeping your cloud secure.
To ensure the security of your cloud, consider adding dimensions such as multifactor security, where even if an employee’s login name and password are stolen or compromised, the party that took it still cannot access your cloud without an additional layer of security. Simple steps like this can be the difference between a secure cloud system and one just waiting to be picked apart by hackers.
Marty Puranik, CEO, Atlantic.Net
[ISACA Now Blog]