Why is cloud security important?
Cloud security, also known as cloud computing security, is a collection of security measures designed to protect cloud-based infrastructure, applications, and data. These measures ensure the authentication of users and devices, access control for data and resources, and protection of data privacy. They also support regulatory compliance.
Cloud security is critical since most organizations are already using cloud computing in one form or another. Gartner's recently reported that the worldwide market for public cloud services grew 17% in 2020, with software as a service (SaaS) remaining the largest market segment.
But as companies move more data and applications to the cloud, IT professionals remain concerned about security, governance, and compliance issues when their electronic data is stored in the cloud. They worry that highly sensitive business information and intellectual property may be exposed through accidental leaks or due to increasingly sophisticated cyber threats.
Maintaining a solid cloud security posture helps organizations achieve the now widely recognized benefits of cloud computing:
Is the cloud secure for my content?
As companies depend more on cloud storage and processing, CIOs and CISOs may have reservations about storing their content with a third party, apprehensive that abandoning the perimeter security model might mean giving up their only way of controlling access. This fear turns out to be unfounded.
Over the last decade, cloud service providers (CSPs) have matured in their security expertise and toolsets. They ensure boundaries between tenants are protected (so, for example, one customer cannot view data from another customer). They also implement procedures and technology that prevent their own employees from viewing customer data (typically, both encryption and company policy prevent workers from looking at data).
CSPs are acutely aware of the impact a single incident may have on their customers' finances and brand reputation, and they go to great lengths to secure data and applications. These providers hire experts, invest in technology, and consult with customers to help them understand cloud security.
Customers are beginning to accept the notion that their data is probably safer in the cloud than within the company's perimeter. According to a study by Oracle and KPMG, 72% of participating organizations now view the cloud as much more or somewhat more secure than what they can deliver on-premises themselves. The cloud offers centralized platforms that reduce the surface area of vulnerability and allows for security controls to be embedded consistently over multiple layers.
Data breaches do still occur. But upon closer inspection of the cases that have gone down in recent years, most of the breaches result from either a misunderstanding about the role the customers play in protecting their data or of customer misconfiguration of the cloud's security tools service provider. This fact is evident in the most recent annual Verizon Data Breach Investigations Report. This report describes the causes of 2,013 confirmed data breaches and makes virtually no mention of cloud service provider failure. Most of the breaches detailed in the Verizon report resulted from the use of stolen credentials.
To help avoid misunderstandings about the responsibilities between customers and providers regarding cloud security, industry analysts and cloud service providers have recently developed the Shared Responsibility Security Model (SRSM), a model that helps clarify where responsibilities lie for security.
Five things to look for when choosing a CSP
When it comes to CSP solutions that manage your content in the cloud, you need good vendors you can trust who prioritize security and compliance. Here are six things to look for in a cloud solution: