IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image
Five tips for tackling cloud security concerns
Mon, 2nd Nov 2015
FYI, this story is more than a year old

Security concerns are still side-tracking many businesses as they begin their path to the public cloud. But it doesn't have to be that way, says CompTIA.

The technology industry body says one of the top fears for businesses considering adopting public cloud infrastructure is the notion that it is public, and therefore unsecure.

“However, publicly-available cloud resources can be as secure as other computing environments through the joint efforts of IT and service providers,” CompTIA says.

Jim Hamilton, CompTIA vice president of member communities, says despite the questions security incidents raise, the transition to the cloud continues to accelerate, thanks to benefits that can be gained in areas such as agility and scalability.

“Companies beginning the long road to shifting their data and services to the public cloud often get side-tracked by security concerns,” Hamilton says.

“Most security concerns revolve around system outages and data loss. By identifying and mapping out how to respond to these concerns organisations can move forward knowing that their security is covered.”

CompTIA says it has identified five ways organisations can tackle their security concerns:

Know the risks One of the primary technologies supporting cloud computing is virtualisation, and it is important to understand how this may affect a security strategy, CompTIA says.

It says the management tools provided by virtualisation vendors can assist with the necessary activities to secure a virtual environment. The most important tool is a proper understanding of the environment and its risks, and knowledge of the governing policies used by cloud vendors to minimise them.

Build on trust through evaluation. According to CompTIA's ninth annual Information Security Trends study, 85% of cloud users report being confident or very confident in their cloud service provider's security, despite the fact that only three in 10 customers report conducting a comprehensive review of the security policies, procedures and capabilities of their providers.

“This indicates that most public cloud customers place a lot of trust in their providers,” notes CompTIA. “However, it is important to back up this trust by evaluating cloud providers further in areas such as encryption policies and disaster recovery plans.”

Understand that not all data is meant for the cloud All signs point to even greater levels of cloud adoption in the coming years, but it could be some time before organisations use the cloud for the majority of their systems. Certain types of data and applications, such as confidential financial data, credit card data, and sensitive IP will remain on-premise.

For organisations especially concerned about security, there will continue to be a need for secure on-premise solutions, CompTIA says.

Know compliance requirements Organisations transitioning to the cloud need to know their compliance requirements or risk discovering a security-related element that forces a change of plans after a data breach incident. IT solution providers and cloud vendors can provide an additional layer of compliance assurance.

Understand different views of security Cloud computing lowers the barrier of entry to technology and gives access to areas that have traditionally required cooperation with the IT department. Yet business staff who begin using cloud solutions without the backing of the IT team may not be considering where data is being stored, what happens in case of an outage, or how the cloud tool is integrated into other business systems.

To help combat potential problems with which this approach, it is important businesses understand individual departments' desire for cloud solutions regardless of the security profile they present, and implement company-wide policies to help combat them.