As organizations push their workloads into the cloud, IT is losing control over the security of their infrastructures. With the Internet of Things (IoT) and mobile applications thrown into the mix, more data resides off-premises, leaving IT in a big dilemma as to how to best protect company data. This means that IT needs to adapt their security approach to ensure that enterprise data is safe and secure, regardless of where it resides.
Challenging the Legacy Model of Security
According to the recent PwC Global State of Information Security Survey 2017, 63 percent of organizations run IT functions in the cloud. With more cloud-based services and applications that sit outside of the firewall, combined with an increasingly mobile workforce who expects anytime, anywhere access to data, we can no longer distinguish what is “inside” vs. what is “outside” the perimeter. The methodology of using a perimeter-based security approach is no longer effective for enterprise security.
Cyberattacks were identified by 29 percent of organizations surveyed who reported having lost data in the last year. Not only is it more difficult to define the perimeter, it is even more difficult to defend it. Malicious insiders, advanced persistent threats, malware containing malicious links, over-privileged users and the increased threat from ransomware and DDoS attacks have escalated the need for improved cybersecurity measures.
To be effective, IT needs to look beyond physical walls to extend to the cloud and examine the endpoints that are now a big part of the equation.
The Danger of Cybersecurity Complacency
According to Dell EMC’s Global Protection Index 2016, nearly half of IT decision-makers who responded to the survey felt that not all the data stored in the cloud by their organization was protected. The survey further finds that more than 80 percent indicated they rely on SaaS-based business applications, and while 29 percent of their organization’s IT environment is in the public cloud, on average nearly half (47 percent) of organizations believe that not all of their data stored in the cloud is protected.
Three factors likely contribute to that uncertainty:
- With the shift to the cloud, many organizations don’t know exactly where their data resides.
- IT teams need to play a more active role in ensuring the security of corporate data in the cloud.
- Shadow IT has created vulnerabilities resulting from a lack of access control.
Protecting Enterprise Data
The first step to determining your organization’s risk is to take a full inventory of what cloud services employees are using and how they are using those services. Once you gain visibility into your cloud landscape, it’s time to ensure you have optimal controls in place:
- Automation: When a workload is launched, it needs to be automatically protected, just as it would be if the workload resided on the perimeter.
- Personalization: While universal policies should be applied, each workload type should have its own additional policies, based on factors such as the sensitivity of data and regulatory context.
- Pre-built: The controls should be pre-built into a template so that the developer doesn’t need to continuously investigate which security protocols apply to the new workloads.
Choosing a Cloud Provider
Your cloud provider must be a true partner. It’s important to ensure the service-level agreement (SLA) protects your organization while outlining the duties and responsibilities of each party. Protections you should expect from a cloud provider include measures such as:
- Data center physical security, employee screening and training
- Protocols for regular patching, software updates and system upgrades
- A security model that assigns network permissions, authenticates user permissions prior to accessing resources
- A data map that shows where data resides to properly protect sensitive data
- Defense in-depth, on-premises cybersecurity model applied in the cloud
With a cloud provider as a true partner, organizations can then focus on enterprise-specific concerns such as user management, including authentication protocols and workload separation based on data sensitivity.
The cloud is indeed a game-changer for today’s enterprises. While security continues to be a concern, with a properly executed and comprehensive strategy, cloud adoption can become an enabler rather than a burden. Not sure where to start? Contact us today for a complimentary cloud readiness assessment to help you gain control over your cloud and keep your data safe.