“The volume of public cloud utilisation is growing rapidly, so that inevitably leads to a greater body of sensitive stuff that is potentially at risk,” says Jay Heiser, vice president and cloud security lead at Gartner, Inc.
Contrary to what many might think, the main responsibility for protecting corporate data in the cloud lies not with the service provider but with the cloud customer. “We are in a cloud security transition period in which focus is shifting from the provider to the customer,” Heiser says. “Enterprises are learning that huge amounts of time spent trying to figure out if any particular cloud service provider is ‘secure’ or not has virtually no payback.”
The belief that cloud providers are responsible for their customers’ security means that many enterprises fail to look at the real problem which is the way their employees share inappropriate data with other employees, external parties and sometimes the whole internet.
Virtually all public cloud use is within services that are highly resistant to attack and, in the majority of circumstances, represent a more secure starting point than traditional in-house implementations.
Cloud services like Azure come with an easy firewall service that you can plug into your infrastructure, pretty painlessly as long as you have a static IP address.
Although the industry has developed a lot of security solutions that keep being improved. The majority of breaches do not occur due to the systems being attacked but they happen because users or employees do not observe regulations.
Cloud service providers can afford to hire highly qualified, top-of-the-market system and security managers, which often translates into quality around-the-clock security monitoring and response rates.
Often this false sense of security brings about human processes that are too flexible and allow a lot of data to be shifted around at will. Companies need to acknowledge this as the major threat and focus more on providing the correct data security levels and access to the right employees.
Ultimately the responsibility lies with the business to exert the correct control over their cloud. Enforcing clear policies around data sharing and usage as well as detailing responsibility within accepted processes is key to long-term safety.
Businesses that don’t take a strategic approach to the secure use of cloud computing by their employees, could find themselves in a situation where they lose control of their data which in some cases can be devastating to the business. You will not need to worry about digital data attacks if you use Azure firewalls but you certainly should be worrying about creating strong levels of security based on your company structure. If you need help defining the human structures in your cloud contact a professional from Intercomp for a free consultation.