Is Business Security in the Cloud Going Up?
Just about everyone is talking about cloud security right now and it is for a good reason. Security gaps put companies at risk of data breaches that can cost organizations millions of dollars. In fact, according to an I B M - sponsored study published by the Ponemon Institute entitled “2015 Cost of Data Breach Study: Global Analysis,” data breaches cost organizations an average of $6.5 million per incident in the United States. Proponents of public and hybrid cloud services say cloud security is at least on par with on-premises alternatives, while detractors claim the only way for companies to effectively safeguard their data is by keeping it on site. What is the verdict? Are you better off going all out for the cloud or keeping some data close at hand? And, could this decision cost you millions?
"Business cloud security is no myth—a maturing market combined with emerging security threats now makes opting for a break-even proposition a safe bet"
As noted by business publication Fortune, there is some evidence to suggest that public cloud security comes with inherent risks. Consider the goal of cloud front-runner Amazon; which according to Amazon Web Services chief Andy Jassy is to “have every company run all of their business and all of their applications on top of our technology and infrastructure platform.”
While consolidating where data is stored makes sense from a cost perspective, one needs to ask: What happens when so much data is managed by a single entity? This is the foundation of most cloud security arguments: By keeping massive data volumes from multiple companies in the same place, are providers creating a giant “bank” that’s just waiting for motivated robbers to break down the door? Those two questions are enough to persuade some companies that cloud offerings simply aren’t up to par as it relates to data security.
The Myth of On-Site Security
According to the publication Chief Information Officers (CIO), the idea of weak cloud security is rooted in myth, not fact. When asked, IT experts agreed that cloud providers have spent years preparing their networks to handle data security issues, and are now spending at the scale of enterprise organizations — but are able to invest in security to a far greater degree since their fortunes live and die on keeping customer data secure.
There is also a prevalent myth that physical control of data and servers grants more security than moving data to off-site cloud services. At first glance, it makes sense: If data never leaves local stacks, surely this reduces the likelihood of a breach. Recent data breaches, however, tell a different tale, consider the Point-of-Sale (POS) breaches that struck a variety of major retailers in recent years. It wasn’t the location of data that mattered — for example, a third-party POS system largely unconnected to the primary corporate network was compromised, allowing hackers to steal millions of consumer records. Experts suggest, therefore, that physical control matters less than access controls and oversight — meaning that the right cloud provider can easily match, if not surpass, local security performance.
Checks and Balances
The need for effective security is on the rise; according to a recent PWC report, data breaches are up by 38 percent over last year and despite a 24 percent bump in security budgets, many companies still don’t take IT threats seriously. This represents an ideal landscape for hackers: Companies with money to spend but avoiding cloud security services in favor of amped-up physical defenses and bigger local data centers. The result: As mentioned earlier, data breaches that are costing organizations an average of $6.5 million per incident in the United States — to say nothing of the long-term impact on customer perception and stakeholder trust.
What is the best course of action if companies want to avoid writing big security checks and shelling out even bigger amounts for breach remediation? Business cloud security, in partnership with reputable third parties it’s possible for companies to securely move, store and access their data using strong encryption protocols. Then defend new network perimeters using virtualized next-generation firewalls leveraging state-ful packet inspection, along with intrusion detection systems capable of monitoring and responding to anomalous traffic. Once companies are comfortable with the notion of moving both security and data to the cloud, the next step in true centralization of security services is to provide real-time management reports, along with full VPN support to keep all connection activity private and secure.
Business cloud security is no myth — a maturing market combined with emerging security threats now makes opting for a break-even proposition a safe bet.