Home » Technology » Security Transformation » Cloud Security in 2017
Cloud security is a key priority for IT in 2017. In fact, in a survey of IT professionals from CompuCom Systems, 47 per cent of respondents said that cloud security was the most important priority for their organisation in 2017.
The global cloud security market is expected to be worth $8.9 billion by 2020, or so finds a report from Allied Market Research.
But what can IT managers do to protect their security when using the cloud?
Drill down and three key considerations emerge.
First off, you need to consider what information is too sensitive to be stored on the cloud. The cloud turns IT into a variable cost, you can ramp its usage up or down as needed, but you are trusting a third party with your security. You may feel that certain information is just too important, too sensitive to trust to the cloud, at all.
Secondly, since you are trusting your security to a third party, namely the cloud hosting company, do your due diligence and make sure that the security measures it employs are adequate.
Thirdly, just because you use the cloud, and lose control over servers, it does not mean that, as far as your own in-house security is concerned, you are impotent. There are steps you can take.
Returning to the second point above, make full use of your inbuilt security offered by your cloud provider. You may want to make use of third party tools to sit on top of or complement the services offered by your cloud provider.
Bear in mind that competitors may store their own data on the same server as you – introducing new security risks. To help mitigate against this risk, confirm that your cloud provider has adequate data isolation.
When moving over to the cloud, ensure that you are ready, and that staff are fully prepared. Bear aware that security procedures in place, pre-cloud, may not be appropriate as you move over to the cloud. Be willing to try and change habits that evolved pre-cloud.
The security tools you can apply are many and growing in number. CWPP for virtualisation security for example, or CASP for Software as a service – SaaS – governance.
Put in place a new security routine. Ensure adequate testing and scanning as a matter of procedure. Make sure all teams are up to date with the practice you have adopted – communicating policy is vital. Adequate training of all staff who will have access to data stored on the cloud is paramount.
Virtualisation introduces its own unique challenges – there is for example, the theoretical risk of compromising the virtualisation software, also called hypervisor.
Also, consider various degrees of sensitivity, some information is more sensitive than other information, not everyone needs access to all information. Take account of requirement and do not provide unnecessary access.
Other procedures that can help mitigate against security risks include: