Getting a grip on cloud security

McKinsey has estimated that by 2018, more than half (51%) of enterprises will adopt cloud as their primary IT environment – up from just 10% in 2015. However, despite the widespread adoption of cloud, some enterprises remain unsure whether to take the plunge or which applications to migrate to the cloud due to security concerns. For example, research by the SANS Institute shows that security concerns are the biggest barrier to companies adopting public cloud. 58% of enterprises worry about unauthorised access to their network and 45% are afraid of data loss.

This does not necessarily mean that a private cloud is always more secure than a public cloud. Whether public or private, you need to choose carefully who you work with. Crucially, enterprises should first look into which cloud model best fits their needs. In doing so, the question of public, private or hybrid cloud is in large part determined by the desired level of control and reliability – which in turn impacts on the level of security of their cloud environment too.

Data sovereignty – do you know where your data lives?

In today’s data-powered economy, enterprises worry about data residency and sovereignty due to regulatory demands. In the public cloud, any of your data could live in any country or geography where that cloud provider has data centres – and in many instances it is against the law for a company to let data or even metadata about customers to move across borders in this way.

While a private cloud solution hosted in the local market is part of the solution to ensure data sovereignty and regulatory compliance, enterprises with global operations should choose a private cloud that gives them additional flexibility through a granular data centre approach. This enables them to store their data in multiple different geographies (when laws allow them to do so) to ensure that employees in Singapore, for example, are able to access applications and data as quickly and efficiently as possible via a Singapore data centre.

DDoS and DD4BC: security threats facing clouds  

One of the major benefits of cloud is that it allows enterprises to use a scalable and cost-effective combination of the public Internet and private networks. With this cloud-friendly hybrid networking approach, you are able to dictate which applications can be accessed over the Internet, and which business-critical applications require the additional security and availability offered by a private network.

However, issues arise when enterprises choose to rely on the public Internet alone for all their cloud applications. They risk opening themselves up for attacks such as DDoS, and increasingly incidents where the perpetrators use the threat of DDoS to extort businesses unless they pay a ransom with Bitcoins (DD4BC). Financial services, media and entertainment, and online gaming businesses have become popular targets for DD4BC, but these attacks are rapidly spreading to other sectors too.  The threat is also exacerbated by the growth in popularity of IoT applications, some of which can be prone to hacking.

Given the way in which many cloud applications rely on the public Internet, it is crucial that enterprises are able to safeguard and maintain constant control over their various connected assets, and use private networks for business-critical cloud-based applications.

Private cloud – a more secure way forward

All cloud models have their pros and cons, but for enterprises hesitant about security, control and reliability issues, a private cloud solution is the best way to start their cloud journey. Compared with public cloud solutions, private clouds give enterprises a lot more control over all applications, complete visibility over where data lives, as well as the liberty to implement controls over the entire cloud estate depending on changing business demands.

Amidst the growing threat of cyber-attacks and increasing compliance pressures brought on by new digital rules such as the EU’s General Data Protection Regulation, it might be tempting for enterprises to steer clear of the cloud altogether. However, the benefits far outweigh the risks. So, do take the plunge, but choose your cloud model carefully and work with a partner that can support the migration to the new IT estate.

Read Srini’s recent post Three security lessons on the WannaCry ransomware attack.