Given the current state of maturity in cloud adoption, extoling the benefits of cloud computing to IT leaders is now preaching to the choir. In the past year, cloud services have gained mainstream recognition not just for enhancing productivity and collaboration, but also for improving security.
Dispelling the myth that cloud is inherently insecure marks a victory for cloud service providers, IT departments, and end users. Organizations across industries now recognize that moving data to the public cloud, far from creating a data security liability, instead offers the opportunity to achieve “tremendous security.”
A watershed moment came with the public sector’s embrace of cloud this year. After the OPM was burned by poor data security from legacy servers, we’ve seen government agencies like the US Air Force move forward with major cloud deployments. Chalk up US federal government CIO Tony Scott as the latest proponent of cloud in the public sector. Scott is bullish on cloud’s security prospects, recommending organizations to “… get to the cloud as quick as you can because you’re guaranteed almost to have better security there than you will in any private thing you can do.” Enterprise cloud providers employ world-class talent and unmatched resources to solve IT challenges. Furthermore, cloud services’ trust-based business model depends heavily on security. CIOs would be wise to stake their bets with market forces and the government’s top IT leader by moving forward with cloud.
— Stephen Landry (@landryst) November 22, 2015
Of course, it’s one thing to decide to migrate to cloud and another to execute. Enterprise-wide cloud deployments require different skills, and potentially a different mindset. An article posted by Seton Hall’s Stephen Landry outlines the culture and skill shifts ushered in with the move to cloud. Many IT competencies will be outsourced to cloud vendors, requiring staff to focus on business challenges rather than “racking and stacking.” Change can be off-putting at first, and IT leaders cite grumblings from staff initially when they’re tasked with learning new skills. However, this can ultimately be a good this, such as was the case in Weather Company’s cloud project, where staff members were able to adapt to their new roles and now function as a more dynamic, innovative department.
— Stephen Landry (@landryst) November 22, 2015
Anthony Stevens, CIO at KPMG, argues that the future is now when it comes to demand for cloud, as tomorrow’s business models will be and are being built on cloud services. He offers advice from the cloud buyer’s perspective and highlights the rapid innovation of service providers. When choosing a vendor, CIOs should be more concerned with vision than current product features because new versions release at such a rapid rate. Cloud services offer seamless product updates, ensuring customers have the latest and greatest capabilities deployed. This mindset is a testament to the innovative solutions cloud customers can look forward to, and a major reason companies turn to SaaS providers for technology solutions across business functions, from Human Resources to Product Development to Sales. New features may make employees more productive or increase user satisfaction, but it is also this model of constant updates that gives SaaS solutions a security advantage over traditional software. It’s not surprising that Microsoft’s security and cloud initiatives have progressed hand in hand.
— Anthony Stevens (@antpstevens) November 23, 2015
Regardless of how far technology and attitudes have come, cloud security initiatives are still in the early days. Even network security vendors caution enterprises about the need to focus more attention beyond the network perimeter. Securing cloud networks will become central to every enterprise’s risk management in 2016, according to predictions shared by three25’s Christian McMahon. Palo Alto Networks’ CSO predicts that businesses’ private networks will shrink as companies turn to cloud services to store, manage, and analyze the massive data coming from connected devices and cloud-based systems of record. Whether as a repository for sensitive information or a method for hackers of exfiltrating data, expect SaaS applications to come under IT’s InfoSec microscope in the months to come.
— Christian McMahon (@ChristianMcM) November 22, 2015
Whether IT is aware or not, attackers have already started to follow corporate data to the cloud. In the early days of cloud adoption, companies were most concerned about attackers using cloud services to steal data without detection, as in Anthem’s breach earlier this year. Cloud deployments now rival on-premises systems of record as stockpiles of valuable corporate information, and security priorities have shifted appropriately. Companies are now worried about threats targeting enterprise cloud services like Salesforce, Box, and Office 365.
Studies show attacks against cloud services have risen 45% in response to data’s exodus off-premises. Mark Bennet of Blustor highlights the central role of compromised credentials in the emerging threat landscape. Periodic breaches ensure a steady supply of user credentials for sale on the Darknet, and most companies would be hard pressed to detect malicious activity from normal employee use of a sanctioned service. Attackers are already exploiting stolen credentials to access corporate data in the cloud: the average company suffers five compromised account incidents each month. Now that organizations have warmed to the security capabilities of cloud services, it’s time they look closely at user activity to sniff out malicious or unintentionally risky behavior. Vulnerabilities like compromised credentials and insider threats represent the next generation of cloud security challenges.
— Mark W. Bennett (@newfrontiercio) November 22, 2015
CASB Magic Quadrant 2019 is here – McAfee a Leader for third consecutive year
CASB RFP Template: 200+ Common Questions Enterprises Are Asking
9 Cloud Computing Security Risks Every Company Faces
Office 365 Security Concerns: Download Definitive Guide to Office 365 eBook
51 AWS Security Best Practices