Digital Edition

SYS-CON.TV
What Are the Top Security Concerns When Moving to the Cloud?
You need to understand what you can't afford to lose and what can protect you

Cloud computing brings a myriad of benefits for any enterprise, but it is also a cause for concern in a world where, according to InformationWeek, cyber criminals are now targeting "any company where they can find data to resell, disrupt or exploit."

Moving your company's sensitive data into the hands of third-party cloud providers expands and complicates the risk landscape in which you operate every day.

In order to understand what concerns should be given emphasis in your cloud security strategy, you need to understand what you can't afford to lose and what can protect you.

Understanding what you can't afford to lose
Data breaches, according to the Cloud Security Alliance, are the top cloud computing security threat for 2013 and beyond. Sensitive data can be of enormous value to a hacker, so you need to consider what sensitive data you are storing in the cloud.

This might be anything a criminal can use to determine or steal someone's identity, such as personally identifiable information (PII) like full names, addresses, birth dates, some IP addresses, and online logins and passwords; and financial information such as bank account numbers and PINs. Furthermore, you should consider any confidential corporate information you might share in the cloud.

Essentially, ask yourself "What do I have that others might want?" and "What do I have that I can't afford to lose?" Data privacy regulations often demand public breach notifications in the event of a malicious data breach or inadvertent data loss - particularly if the information is in the clear.

If your security strategy fails to protect sensitive data, your enterprise could face severe consequences in terms of business and reputation loss as the result of disclosure.

Understand what can protect you if you do lose your data
Businesses migrating to the cloud should lock down any sensitive data before it leaves the premises. As the Snowden leaks indicate, third-party cloud surveillance is ubiquitous, so the more open your data and access policies are for harvesting, the greater the risks to your cloud security strategy.

Deploy an encryption scheme that provides limited, controlled, enterprise-exclusive encryption key access. When you retain exclusive control of your encryption keys, you eliminate that concern of a data breach regardless of where your data resides or how many copies of it exist.

In many jurisdictions, a breach of strongly encrypted data to which the enterprise holds the key does not require public notification.

Even the systems you and your CSPs may have in place to prevent accidental erasure of your data can pose dangers to your enterprise's data privacy.

While backups, redundancy and other failover strategies protect against data loss due to deletion or system failures, they also create extra opportunities for the theft of this data that you consider important.

Keep in mind that, if you terminate your services with a particular CSP, you can never be certain the data has been digitally destroyed.

Moving to the cloud need not be complicated. An important element is for businesses to decide what data to put in the cloud - and then to encrypt it and retain the keys.

About Paige Leidig
Paige Leidig is SVP at CipherCloud. He has 20 years of experience in technology, marketing, and selling enterprise application solutions and managing trusted customer relationships. As SVP of Marketing, he is responsible for all aspects of marketing at CipherCloud. Paige was previously in the Office of the CEO at SAP, where he was responsible for leading and coordinating SAP’s acquisition and integration activities on a global basis. He has managed a number of marketing initiatives at SAP, including responsibility for all go-to-market activities for SAP’s Cloud applications portfolio. Preceding his SAP career, Paige held senior management positions with Ariba, Elance, and E*Trade.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1



ADS BY GOOGLE
Subscribe to the World's Most Powerful Newsletters

ADS BY GOOGLE

Atmosera delivers modern cloud services that maximize the advantages of cloud-based infrastructures....
Now is the time for a truly global DX event, to bring together the leading minds from the technology...
On-premise or off, you have powerful tools available to maximize the value of your infrastructure an...
Artifex Software began 25-years ago with Ghostscript, a page description language (PDL) interpreter ...
In an age of borderless networks, security for the cloud and security for the corporate network can ...
In today's always-on world, customer expectations have changed. Competitive differentiation is deliv...
As the digitization of business accelerates the move of critical applications and content to the clo...
Blockchain has shifted from hype to reality across many industries including Financial Services, Sup...
Cloud Storage 2.0 has brought many innovations, including the availability of cloud storage services...
Concerns about security, downtime and latency, budgets, and general unfamiliarity with cloud technol...
In very short order, the term "Blockchain" has lost an incredible amount of meaning. With too many j...
In a recent survey, Sumo Logic surveyed 1,500 customers who employ cloud services such as Amazon Web...
For enterprises to maintain business competitiveness in the digital economy, IT modernization is req...
Cloud-Native thinking and Serverless Computing are now the norm in financial services, manufacturing...
Data center, on-premise, public-cloud, private-cloud, multi-cloud, hybrid-cloud, IoT, AI, edge, SaaS...
Public clouds dominate IT conversations but the next phase of cloud evolutions are "multi" hybrid cl...
Moving to Azure is the path to digital transformation, but not every journey is effective. Organizat...
Most modern computer languages embed a lot of metadata in their application. We show how this goldmi...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with exp...
Every organization is facing their own Digital Transformation as they attempt to stay ahead of the c...