Story image

Five tips for tackling cloud security concerns

02 Nov 2015

Security concerns are still side-tracking many businesses as they begin their path to the public cloud. But it doesn’t have to be that way, says CompTIA.

The technology industry body says one of the top fears for businesses considering adopting public cloud infrastructure is the notion that it is public, and therefore unsecure.

“However, publicly-available cloud resources can be as secure as other computing environments through the joint efforts of IT and service providers,” CompTIA says.

Jim Hamilton, CompTIA vice president of member communities, says despite the questions security incidents raise, the transition to the cloud continues to accelerate, thanks to benefits that can be gained in areas such as agility and scalability.

“Companies beginning the long road to shifting their data and services to the public cloud often get side-tracked by security concerns,” Hamilton says.

“Most security concerns revolve around system outages and data loss. By identifying and mapping out how to respond to these concerns organisations can move forward knowing that their security is covered.” 

CompTIA says it has identified five ways organisations can tackle their security concerns: 

Know the risks One of the primary technologies supporting cloud computing is virtualisation, and it is important to understand how this may affect a security strategy, CompTIA says.

It says the management tools provided by virtualisation vendors can assist with the necessary activities to secure a virtual environment. The most important tool is a proper understanding of the environment and its risks, and knowledge of the governing policies used by cloud vendors to minimise them. 

Build on trust through evaluation. According to CompTIA’s ninth annual Information Security Trends study, 85% of cloud users report being confident or very confident in their cloud service provider’s security, despite the fact that only three in 10 customers report conducting a comprehensive review of the security policies, procedures and capabilities of their providers.

“This indicates that most public cloud customers place a lot of trust in their providers,” notes CompTIA. “However, it is important to back up this trust by evaluating cloud providers further in areas such as encryption policies and disaster recovery plans.” 

Understand that not all data is meant for the cloud All signs point to even greater levels of cloud adoption in the coming years, but it could be some time before organisations use the cloud for the majority of their systems. Certain types of data and applications, such as confidential financial data, credit card data, and sensitive IP will remain on-premise.

For organisations especially concerned about security, there will continue to be a need for secure on-premise solutions, CompTIA says.

Know compliance requirements Organisations transitioning to the cloud need to know their compliance requirements or risk discovering a security-related element that forces a change of plans after a data breach incident. IT solution providers and cloud vendors can provide an additional layer of compliance assurance. 

Understand different views of security Cloud computing lowers the barrier of entry to technology and gives access to areas that have traditionally required cooperation with the IT department. Yet business staff who begin using cloud solutions without the backing of the IT team may not be considering where data is being stored, what happens in case of an outage, or how the cloud tool is integrated into other business systems.

To help combat potential problems with which this approach, it is important businesses understand individual departments’ desire for cloud solutions regardless of the security profile they present, and implement company-wide policies to help combat them. 

Interview: What you can expect from LogicMonitor's APAC expansion
LogicMonitor is a provider of SaaS-based infrastructure monitoring software for hybrid IT environments – and it has big plans to shake up Asia Pacific this year.
Cryptomining apps discovered on Microsoft’s app store
It is believed that the eight apps were likely developed by the same person or group.
A multi-cloud approach - what is in it for me?
OVH CEO Michel Paulin explains the benefits of a multi-cloud approach to an organisations digitalisation and what to consider before implementation.
Why the IT service integration market is becoming highly automated
"The SIAM market is not large, but it is one of the fundamental pillars of every digital transformation strategy."
Intel and Rakuten partner to address 5G network gap
“We believe this full end-to-end virtualised network will help us to shift away from reliance on dedicated hardware and legacy infrastructure.”
Spoofs, forgeries, and impersonations plague inboxes
It pays to double check any email that lands in your inbox, because phishing attacks are so advanced that they can now literally originate from a genuine sender’s account – but those emails are far from genuine.
HCL and IBM collaborate to encourage global hybrid cloud uptake
HCL announced a collaboration with IBM designed to help advance the hybrid cloud journeys of organisations worldwide. 
Robots to the fore – Key insights for New Zealand Business into RPA in 2019
From making artificial intelligence a business reality to closer ties to human colleagues, robotic process automation is gearing up for a strong 2019.