Is Business Security in the Cloud Going Up?

Hawley Hansen, Senior Manager of Security Services, Product Management, XO Communications

Hawley Hansen, Senior Manager of Security Services, Product Management, XO Communications

Just about everyone is talking about cloud security right now and it is for a good reason. Security gaps put companies at risk of data breaches that can cost or­ganizations mil­lions of dollars. In fact, according to an I B M - sponsored study published by the Ponemon Institute entitled “2015 Cost of Data Breach Study: Global Analysis,” data breaches cost or­ganizations an average of $6.5 million per incident in the United States. Proponents of public and hybrid cloud services say cloud security is at least on par with on-premises alternatives, while detractors claim the only way for companies to effectively safeguard their data is by keeping it on site. What is the verdict? Are you better off going all out for the cloud or keeping some data close at hand? And, could this decision cost you millions?

"Business cloud security is no myth—a maturing market combined with emerging security threats now makes opting for a break-even proposition a safe bet"

As noted by business publication Fortune, there is some evidence to suggest that public cloud security comes with inherent risks. Con­sider the goal of cloud front-runner Amazon; which according to Am­azon Web Services chief Andy Jassy is to “have every company run all of their business and all of their applications on top of our technol­ogy and infrastructure platform.”

While consolidating where data is stored makes sense from a cost perspective, one needs to ask: What happens when so much data is managed by a single entity? This is the foundation of most cloud se­curity arguments: By keeping massive data volumes from multiple companies in the same place, are providers creating a giant “bank” that’s just waiting for motivated robbers to break down the door? Those two questions are enough to per­suade some companies that cloud offer­ings simply aren’t up to par as it relates to data security.

The Myth of On-Site Security

According to the publication Chief In­formation Officers (CIO), the idea of weak cloud security is rooted in myth, not fact. When asked, IT experts agreed that cloud providers have spent years preparing their networks to handle data security issues, and are now spending at the scale of enterprise organizations — but are able to invest in security to a far greater degree since their fortunes live and die on keeping customer data secure.

There is also a prevalent myth that physical control of data and servers grants more security than moving data to off-site cloud services. At first glance, it makes sense: If data never leaves local stacks, surely this reduces the likelihood of a breach. Recent data breaches, how­ever, tell a different tale, consider the Point-of-Sale (POS) breaches that struck a variety of major retailers in recent years. It wasn’t the location of data that mattered — for example, a third-party POS system largely unconnected to the primary corporate network was compro­mised, allowing hackers to steal millions of consumer records. Experts suggest, therefore, that physical control matters less than access controls and oversight — meaning that the right cloud provider can easily match, if not surpass, local securi­ty performance.

Checks and Balances

The need for effective security is on the rise; according to a recent PWC report, data breaches are up by 38 percent over last year and despite a 24 percent bump in security budgets, many companies still don’t take IT threats seriously. This represents an ide­al landscape for hackers: Companies with money to spend but avoiding cloud securi­ty services in favor of amped-up physical defenses and bigger local data centers. The result: As mentioned earlier, data breaches that are costing organizations an average of $6.5 million per incident in the United States — to say nothing of the long-term impact on customer perception and stakeholder trust.

What is the best course of action if com­panies want to avoid writing big security checks and shelling out even bigger amounts for breach remediation? Business cloud se­curity, in partnership with reputable third parties it’s possible for companies to secure­ly move, store and access their data using strong encryption protocols. Then defend new network perimeters using virtualized next-generation firewalls leveraging state-ful packet inspection, along with intrusion detection systems capable of monitoring and responding to anomalous traffic. Once com­panies are comfortable with the notion of moving both security and data to the cloud, the next step in true centralization of security services is to provide real-time management reports, along with full VPN support to keep all connection activity private and secure.

Business cloud security is no myth — a maturing market combined with emerging security threats now makes opting for a break-even proposition a safe bet.

Read Also

The Apparent Connection between CIO's Success and Business Outcomes

Bill Kohler, CIO Americas, International SOS

Innovation: Not Just Shiny Widgets

Michael Silla, SVP, Skanska USA Mission Critical Center of Excellence

What Will Matter Most Tomorrow is the Data Center Location You Choose Today?

Jeff Rossate, Executive Director, Office of Business Development, Minnesota Department of Employment and Economic Development

How to Transform Infrastructure at the Edge

Jyeh Gan, Director of Product Management, Marketing & Strategy, Extreme Scale Infrastructure (ESI), Dell EMC