October 18, 2018

How to Secure the Cloud and Stop the Leaks

Shalvi Nand
Market Intelligence Analyst
Arrow ECS

 

Cloud adoption has grown in the last few years, with most organizations either considering or adopting cloud computing. Gartner estimates the cloud-based services market will grow at a 21% annual rate, amounting to about $9 billion in revenue by 2020.

Despite the steady growth rate, adoption of cloud security continues to be slow. Additionally, organizations that haven’t taken a strategic approach to its implementation have faced compliance and data leakage incidents. While this may seem to validate long-held beliefs that cloud technology is inherently riskier, a closer inspection reveals that the true culprit for most cloud-related data leakages is user error. The cloud-related leakages reported in the news are overwhelmingly due to user error, not error by the cloud provider. In fact, Gartner predicts that by 2022, at least 95% of cloud security failures will be the customer’s fault.


Forbes recently reported on a cloud storage error, due to internal human mistakes, that exposed over two million Dow Jones customer records. The affected data exposed personal information, including the last four digits of credit card numbers and telephone numbers. A Dow Jones spokesman said that the breach was due to an internal human error and not a hack or attack.

Examples of such user errors can cloud an organization’s judgement of the cloud service providers (CSPs) it might be evaluating. With the majority of security breaches occurring due to some form of user error, how can security partners help cloud customers take a more holistic look at the risks associated with moving to the cloud? Here are some recommendations on how you can help your cloud customers think more intelligently about cloud security:

  • Take a strategic and governed approach
    Guidance on where the data can be placed should be provided at the enterprise level to avoid unnecessary compliance incidents. Cloud security means different things for SaaS, PaaS or IaaS. Partners should educate their customers and explain how their data will be secured based on the adoption model. Partners can help their organizations implement central management and a life cycle approach to cloud governance that will be needed to overcome the complexity of data residency and compliance requirements, particularly in hybrid/multi-cloud environments.
  • Understand that security is a shared responsibility
    While CSPs may have robust best practices when it comes to securing data, remember that most incidents occur due to human error from the customer organization. Consequently, an organization’s adoption of cloud should add an additional layer of separation within their network or storage placements. Partners specializing in identity and access management should demonstrate to their customers how companies that effectively manage their identities and control of data have fewer issues from internal data leakages than those who lack appropriate controls.
  • Prepare for damage control
    Ultimately, we are all human, and mistakes do happen. While we can’t prevent every security breach, we can certainly be prepared to minimize the damage. Setting up alerts that warn your customers when data is exposed could help fight the issue before it gets bigger. In addition, keeping security protocols current and educating employees on a regular basis could help a company face evolving threats.

Overall, cloud is not just a shift in technology, but a completely new way of doing business. Despite concerns, the cloud-based security market continues to lead in terms of growth within the overall security market. Organizations need to understand that the responsibility of keeping their data secure doesn’t automatically transfer to their CSP once they shift to the cloud. If a data loss occurs, they will still be liable for regulatory fines and loss of information. Paying attention to staff education and access, and to data location and security, will allow organizations to manage cybersecurity risks.