It may be their cloud, but it’s your data
Migrating data storage to the cloud and security risks
The rapid growth of cloud technologies aiding remote and hybrid working has become an accepted part of doing business. According to a recent study by McKinsey & Company, companies have accelerated their cloud adoption by three years compared to pre-pandemic adoption rates, and Gartner is estimating that spending on public cloud services will exceed $480 billion next year.
Poupak Modirassari-Enbom is Vice President of Global Marketing at Thales.
Ongoing supply chain challenges may too be a factor that has accelerated the adoption of cloud technologies – in order to improve overall efficiency and flexibility. This ongoing increase in cloud adoption comes down to the benefits it offers in enabling the digital transformation wave, that’s kicked into hyper gear over the past eighteen months. Whether it’s to stay agile and increase performance or reduce complexity and IT cost, we can agree that moving to the cloud is bringing companies competitive advantages.
Your data. Their cloud
A key topic that many businesses need to address when transitioning to the cloud is cybersecurity. With many organizations operating across multiple clouds for different applications and workloads, each has their own set of security processes and protocols. This can be tricky to keep on top of and lead to gaps around control, visibility and operational efficiency.
In an era where users access data from multiple locations, primarily outside of the core company network, failing to secure information stored or moving through cloud environments can be costly. Regulations and rules such as GDPR and Schrems II also require companies to protect their data and the privacy of their end-users by keeping their security protocols up to date using best of breed technology.
One of the reasons businesses can fall short is due to a lack of awareness that the responsibility to protect sensitive data remains with owner, not the cloud provider. Some mistakenly assume that it is the responsibility of their cloud provider to take the necessary steps to protect sensitive data. Ultimately, businesses need to realize if it’s their data, then it is their responsibility to protect it, no matter where it resides.
So, what can businesses do to ensure they’re able to take advantage of the cloud without compromising their security?
1. Invest more in security talent
Before businesses can go about protecting themselves in the cloud, they need to ensure they’re set up organizationally. By investing in and dedicating more internal resources for cybersecurity and adapting a Zero Trust Strategy, a framework with strict and continuous identity verification and data control, C-level execs will demonstrate their leadership.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
2. Know where your data is
Before any strategy can be adopted, organizations must understand what data they have and where it is. It’s impossible to devise a strategy to protect data if the company doesn’t know what data it has or where it’s being stored. Conducting an audit is vital to understanding not only what data there is, but which data sets should be considered most sensitive.
3. Protect your data
Once the sensitive data has been identified and located, it is vital that the business focuses on protecting the data and attaching security to the data itself. Perimeter defenses are no longer effective in the cloud. Implementing encryption protects that data at its core and renders it useless to anyone not authorized to access it.
4. Control the keys and access to your data
Encrypting data automatically creates an encryption key – a unique tool that can unlock and lock data. Protecting these keys are vital. Those keys should be in control by you, not the cloud provider. Without control of the keys, the cloud provider could be required to hand them over to a government or even worse exposing the keys and basically handing the keys to the kingdom straight to the hackers.
Once the keys are secure, it is important to implement the protocols that ensure only authorized people can access the information. Implementing multi-factor authentication is key here. It uses an extra piece of information to verify the user’s identity in addition to their user name and password. As passwords can easily be stolen, multi-factor authentication is vital for a successful cloud security strategy.
Cloud security is an ongoing process and businesses must continually be assessing their strategies. Whenever any new data comes into the system or is created, businesses must repeat the above steps. Carried out correctly, these processes will ensure only those authorized to access the data can do so.
The cloud is essential to the way businesses operate. From scalability, agility, increased speed to market and improving overall competitiveness, the benefits will set companies, no matter their size, on a strong footing to take on the digitally enabled world and grow their customer base. Security is a huge part of this and no cloud strategy can be successful without a data protection counterpart to back this up.
In a world of increased awareness, alongside daily news on data breaches, businesses need to build trust that they’re able to protect sensitive data no matter where it resides.
Poupak Modirassari-Enbom is Vice President of Global Marketing at Thales.