//mega nav ctas

Cloud Security Risks

Posted On: May 23, 2017

Topic: Multi-Cloud

When it comes to cloud security risks, choosing the right cloud service provider is can be a real challenge. While the reasons to add the cloud to your infrastructure varies by organization one thing is certain — security must be a priority.

Choosing a Cloud Provider

The first step on your cloud journey is choosing the right cloud provider, but what should you consider?

  • Experience matters: A cloud provider should understand your business goals and have experience working in your industry. Your requirements from scalability, response times and disaster recovery, require that you look at the track record of the cloud provider to make sure they can support your business-critical needs.
  • Cloud platforms matter: A cloud provider should have experience with a variety of cloud deployment options. Your organization may only need a private cloud today, but your future needs might change, and a cloud provider with hybrid, public cloud and private cloud experience means they can grow with your business.
  • Compliance background matters: Meeting compliance regulations is complicated. You need a cloud provider who has experience reporting on and complying with audit requirements that are specific to your industry.
  • Security track record matters: Your service level agreement (SLA) should spell out what type of encryption is used, how traffic is authenticated, what technologies are used, and what policies are in place for both physical and cybersecurity.

Security in the Cloud

Eighty-five percent of enterprises currently use a multi-cloud strategy to run a majority of their workloads in the cloud. In many cases, security is a prime motivator, with many cloud providers offering better security than what customers can implement themselves on-premises.

It is important to vet potential cloud partners carefully to ensure cloud providers:

  • Follow security best practices: This includes everything from supporting proper controls at the edge (firewalls, IDS/IPS, etc.) and internally (host-based IPS/IDS, antivirus, antimalware), to having an expert security staff and implementing proper procedures like encryption, separation of duties, regular backups, etc.
  • Provide fast, simple, support: Beyond insisting on strict SLAs to ensure data always remains safe and accessible, organizations should also ensure their cloud partners emphasize simplicity, clarity and transparency across their user interface and customer dashboard, terms of service, security policies and 24x7 support.

Security is a Shared Responsibility

Gartner predicts that between now and 2020, 95% of cloud security failures will be the fault of the customer, not the cloud provider — meaning that cloud customers must also address the other half of the cloud security equation — their internal IT staff, policies and procedures. This “shared responsibility” model between the cloud provider and its customers means that an organization must:

  • Know where your data lives: Implement a robust data classification program to identify your most sensitive data and where it is located. Technical controls like data loss prevention (DLP) tools and cloud access security brokers (CASBs) are a must to monitor sensitive data.
  • Use strong passwords and multi-factor authentication: Ensure only legitimate users on the network and that employees are using only corporate-sanctioned applications. Strong, frequently-changed passwords and multi-factor authentication is essential to a secure environment, whether on premise or in the cloud.
  • Implement encryption: Encrypt your data whether in transit or at rest, no matter if your data resides on-premises or in the cloud. It’s wise to choose a cloud provider that lets customers control their own encryption keys, ensuring cloud providers can’t access or expose the data, even accidentally.

Achieving security in the cloud is possible, but it isn’t guaranteed. Organizations need to implement their security policies and procedures in conjunction with their cloud provider to provide the highest levels of protection against cloud security risks.

Not sure where to start? Contact OneNeck IT Solutions to speak with our cloud security experts.