miércoles, 21 de octubre de 2015
Cloud security: 10 things you need to know
Is the cloud truly safe? Here's what you need to know about cloud security.
If we're talking about the cloud, we have to talk about security.
It seems that every time the cloud is brought up in the enterprise, the conversation to follow is focused on how secure, or not secure, it really is. Some would have you believe the cloud is safer than on-premise, while others contend that it is the least safe place you could store your data.
When thinking about cloud security, it's ultimately up to each individual organization and its leadership to determine if a cloud deployment is the right strategy. However, cloud adoption is growing overall, and it is important to consider how it affects the organization.
Here are 10 things you need to know about cloud security.
According to the Research and Markets' Global Security Services Market 2015-2019 report, the market for security products and services is growing globally and demand for cloud-based security is leading the charge. In fact, the Cloud Security Market report by MarketsandMarkets predicts the market size at nearly $9 billion by 2019.
In 2014, data breaches were all over the major news channels. Big brands like Target, Neiman Marcus, JP Morgan Chase, and Home Depot all announced that their data had been compromised. Toward the end of 2014 a Ponemon Institute report claimed that 43% of companies had experienced a data breach within the past year, up 10% from the year before. Additionally, data breaches in South Korea compromised the credit card information of 40% of the population.
One of the raging debates when it comes to cloud security is the level of security offered by private and public clouds. While a private cloud strategy may initially offer more control over your data and easier compliance to HIPAA standards and PCI, it is not inherently more or less secure. True security has more to do with your overall cloud strategy and how you are using the technology.
While the term "cloud security" wasn't explicitly mentioned, both "cloud" and "security" top the list of IT initiatives for executives in the 2015 Network World State of the Network report. Thirty six percent of IT executives ranked security as their no. 1 initiative, while 31% had the cloud leading their initiatives.
When most consumers think about the cloud, they are likely thinking about popular cloud storage and backup services. Cloud storage is important to the enterprise too, but it presents its own challenges. More than 50% of the respondents to the Cloud Usage: Risks and Opportunities Report from the Cloud Security Alliance listed storage as the most risky cloud application according to their organization's definition of risk. The second most risky set of applications were those dealing with finance or accounting.
Outside hackers are what most people perceive as their biggest threat to security, but employees pose an equal risk. The 2015 Data Breach Industry Forecast by Experian claims that employees caused almost 60% of security incidents last year. This is further compounded by employees working remotely or using their personal mobile device to access sensitive materials outside of the company network.
The rise of bring-your-own-device (BYOD) and bring-your-own-application (BYOA) trends means that many cloud services and tools are sneaking into organizations under the noses of IT leaders. Results of a survey conducted by The Register shows that 50% of respondents said the biggest challenge in regards to cloud services is getting the chance to assess security before a service is adopted by users.
According to the Cloud Usage: Risks and Opportunities Report, 25.5% of respondents don't have security policies or procedures in place to deal with data security in the cloud. Also, 68.1% said they do have security policies in place, and the remaining 6.4% didn't know whether they do or do not have the proper policies in place.
Research firm Gartner predicts that the IoT market will grow to 26 billion units installed by 2020, bringing with it a slew of security issues for organizations that are leveraging the technology. The Experian Data Breach Industry Forecast notes that the storage and processing of the data points collected by IoT devices will create more vulnerabilities, and we will likely see cyberattacks targeting the IoT.
Fortunately, there are quite a few ways in which enterprises can make their cloud initiative more secure. While these tools and services exist, they aren't always used the proper way, or even used at all. Sixty percent of respondents to The Register's cloud survey said they were using VPN connections, but only 34% said they were using cloud firewalls or encrypting data at rest. The numbers continued to drop in regards to other preventative measures until the bottom of the list where only 15% said they were using obfuscation or tokenization of sensitive data.