The cloud is one of the biggest trends going in enterprise computing, but springing up right next to it have been a range of security risks that some companies just aren’t willing to take on. With the news of cloud data breaches failing to slow down, companies may feel themselves positioned between, on one side, making use of the convenience of cloud-deployed services and cloud storage and, on the other side, having the safety, control, and peace of mind that come with handling IT the old-fashioned, in-house way. Such worries are not necessarily always unjustified.
Part of the reason for this may lie in the fact that security tools that were once relied on as the only solutions that a company needed just aren’t capable of handling the complex intertwining of business relationships and integrated technological solutions that make up a cloud deployment.
According to a Business Wire press release about the rising concerns over cloud security, 48 percent of those polled in a study said that traditional network security tools were somewhat ineffective in cloud environments. Additionally, 11 percent said that they were completely ineffective, and a quarter said that they cannot be measured for their effectiveness.
What can we make of these numbers? And what can you do in order to help protect your client’s data in an era where the old go-to solutions don’t appear to hold up? The following points will explore this and help you see where traditional security solutions leave gaps in cloud setups—and what can be done in order to fill them.
Shared Responsibility: A New Security Landscape
In the old days, network security was generally a matter of an IT department setting up log-in authentication, implementing a virtual private network (VPN), rolling out security patches in order to prevent infiltration, and setting up regularly updated comprehensive malware scanners in order to keep malicious files from making their way onto a network via end-user error.
But when a company has part of its critical data on the cloud, things become more complicated. Questions arise. What steps is the cloud vendor taking in order to secure data on the back end? Are software-as-a-service tools deployed from the cloud managed and secured by the vendor or the internal IT department? These are questions that need to be answered.
And if IT isn’t calling the shots internally, businesses can become confused and think that a cloud provider’s protection of their remotely stored data is sufficient for protecting all networking resources, leading them to take their eye off the ball on internal network security.
In light of this, knowing who owns what data and who is responsible for protecting what is critical to patching potential security holes that traditional security tools can’t address.
Visibility into Cloud Provider Security: A Must
One of the reasons some enterprises say that it’s impossible to evaluate the effectiveness of traditional security solutions on cloud deployments could be that companies often can’t see what is going on over on the cloud side.
If a company has its network locked down so that users can only go on the VPN with strong authentication and the most up-to-date, comprehensive enterprise malware protection available, that does nothing in order to protect the data stored on the cloud. Without visibility into the cloud vendor’s security practices, it is impossible to know how vulnerable its systems are to infection or intrusion.
You can guide clients to mitigating this uncertainty by having them peruse industry reviews of a given provider in order to make sure it has a solid reputation. And as a cloud relationship continues, it is both reasonable and advisable for a business to ask for monitoring reports from the cloud vendor so that a client’s IT department can review them and determine if the vendor’s security protocols are being held up to the business’s standards.
Where Traditional Security Tools Fail, Relationships Matter
While traditional security tools might not cut it in the cloud, that doesn’t mean companies can’t safely avail themselves of the cloud’s potential. With smartly coordinated contracts and business relationships that promote visibility and transparency, companies can create a more secure cloud computing experience—and you can guide them on the path to it.
What types of security tools and policies have you seen working well with the cloud?