Story image

Five tips for tackling cloud security concerns

02 Nov 2015

Security concerns are still side-tracking many businesses as they begin their path to the public cloud. But it doesn’t have to be that way, says CompTIA.

The technology industry body says one of the top fears for businesses considering adopting public cloud infrastructure is the notion that it is public, and therefore unsecure.

“However, publicly-available cloud resources can be as secure as other computing environments through the joint efforts of IT and service providers,” CompTIA says.

Jim Hamilton, CompTIA vice president of member communities, says despite the questions security incidents raise, the transition to the cloud continues to accelerate, thanks to benefits that can be gained in areas such as agility and scalability.

“Companies beginning the long road to shifting their data and services to the public cloud often get side-tracked by security concerns,” Hamilton says.

“Most security concerns revolve around system outages and data loss. By identifying and mapping out how to respond to these concerns organisations can move forward knowing that their security is covered.” 

CompTIA says it has identified five ways organisations can tackle their security concerns: 

Know the risks One of the primary technologies supporting cloud computing is virtualisation, and it is important to understand how this may affect a security strategy, CompTIA says.

It says the management tools provided by virtualisation vendors can assist with the necessary activities to secure a virtual environment. The most important tool is a proper understanding of the environment and its risks, and knowledge of the governing policies used by cloud vendors to minimise them. 

Build on trust through evaluation. According to CompTIA’s ninth annual Information Security Trends study, 85% of cloud users report being confident or very confident in their cloud service provider’s security, despite the fact that only three in 10 customers report conducting a comprehensive review of the security policies, procedures and capabilities of their providers.

“This indicates that most public cloud customers place a lot of trust in their providers,” notes CompTIA. “However, it is important to back up this trust by evaluating cloud providers further in areas such as encryption policies and disaster recovery plans.” 

Understand that not all data is meant for the cloud All signs point to even greater levels of cloud adoption in the coming years, but it could be some time before organisations use the cloud for the majority of their systems. Certain types of data and applications, such as confidential financial data, credit card data, and sensitive IP will remain on-premise.

For organisations especially concerned about security, there will continue to be a need for secure on-premise solutions, CompTIA says.

Know compliance requirements Organisations transitioning to the cloud need to know their compliance requirements or risk discovering a security-related element that forces a change of plans after a data breach incident. IT solution providers and cloud vendors can provide an additional layer of compliance assurance. 

Understand different views of security Cloud computing lowers the barrier of entry to technology and gives access to areas that have traditionally required cooperation with the IT department. Yet business staff who begin using cloud solutions without the backing of the IT team may not be considering where data is being stored, what happens in case of an outage, or how the cloud tool is integrated into other business systems.

To help combat potential problems with which this approach, it is important businesses understand individual departments’ desire for cloud solutions regardless of the security profile they present, and implement company-wide policies to help combat them. 

What the future of fibre looks like in NZ
The Commerce Commission has released its emerging views paper on the rules, requirements and processes which will underpin the new regulatory regime for New Zealand’s fibre networks.
Gen Z confidence in the economy is on the decline
Businesses need to work hard to improve their reputations.
Why NZ businesses have less than two years to adopt digital before disruption hits
Research found that digital disruption is already impacting two-thirds of New Zealand organisations.
Dell EMC launches interactive AI Experience Zones
The AI Experience Zones are designed to educate visitors about how to start, identify, and implement an AI project.
What NZ can learn from the Baltimore cyberattack
“Businesses must control physical access to their computers and secure their networks."
Infratil seeks clearance to acquire up to 50% stake in Vodafone NZ
The commission will give clearance to a proposed merger if they are satisfied that the merger is unlikely to have the effect of substantially lessening competition in a market.
Hands-on review: MiniTool Power Data Recovery Software
I came across a wee gem of advice when researching the world of data recovery. As soon as you get that sinking feeling and realise you’ve lost a file, stop using your computer.
Deepfakes the 'next wave of concern' - but can law really stomp it out?
Enforcing the existing law will be difficult enough, and it is not clear that any new law would be able to do better. Overseas attempts to draft law for deepfakes have been seriously criticised.