By Kevin J. Goodman
I learned the meaning of strength and community as a young camper many years ago. As we sat around a campfire, our counselor handed each of us a stick and told us to break it, which we did rather easily. Then he passed out more sticks so that each of us held a bundle. None of us could break our bundle of sticks. In this way, he demonstrated all we ever needed to know about strength in numbers and how valuable we are to the whole. That same analogy applies to the cloud: We need each other to be strong and secure in the IT world.
An organization’s information is perhaps one of its most important assets. Unfortunately, this information is at risk due to increasingly frequent and sophisticated cyber attacks. Information security breaches can result in stolen customer data, stolen intellectual property, financial damage, and irreparable damage to a company’s reputation. To make matters worse, companies often struggle with limited IT budgets and a lack of internal security expertise. Even so, it is scary for a business to seemingly give up control of its destiny by outsourcing the security of some of its most valuable assets — its data.
Cloud Security as an Obstacle to Cloud Adoption
Organizations have traditionally kept their IT infrastructures in-house. This allows them the confidence of knowing they own their equipment and have control over the security of their data and infrastructure. This infrastructure, however, can be quite expensive and inflexible when it comes to increasing or decreasing demand and keeping the hardware and software up to date. To combat these issues, organizations are turning toward shared infrastructures with a pay-as-you-go model.
One of the largest concerns businesses have faced is the security of this shared infrastructure environment. Many traditional IT teams believe they are giving up security for flexibility and cost savings, as they subscribe to the theory that these shared infrastructure or Infrastructure as a Service (IaaS) environments cannot possibly be as secure as the traditional in-house setup. These concerns can be mitigated with the use of proper technology, controls, policies and procedures. These technologies include Role-Based Access Control (RBAC), Multifactor Authentication (MFA) and data encryption both at rest and in transit. Using these and other technologies that are currently available, IaaS cloud computing environments can be effectively secured to protect data, applications, and infrastructure.
Many organizations are required to prove information security compliance to auditors. Companies in regulated industries, such as financial services, retail, healthcare, government, and energy, must dedicate significant time and resources to proving compliance. Due to the increasing prevalence of cyber attacks and a number of high profile data breaches, compliance requirements become more demanding every year.
Fortunately, effective cloud security solutions can help companies reduce costs and complexity, reduce the compliance burden and, most importantly, significantly reduce the risk of a data breach. Outsourcing in general has become a preferred model as the cloud eliminates the CAPEX guessing game and lets businesses shed non-core operations. This outsourcing is occurring with both global cloud giants and local providers. Many businesses want to keep their data nearby, meaning growth is emanating out to secondary markets, not consolidating onto the Google, Microsoft and AWS clouds, as many thought would occur.
Companies can and should leverage umbrella coverage and compliance from their cloud service provider when and where they are able. The levels of certifications and compliance and Service Level Agreements a provider has can be a big benefit. It is particularly important that the provider has third-party audits and reports demonstrating effective and reliable controls (such as SSAE16 SOC, IRS 1075, HIPAA, PCI) and that it maps them to various and additional levels of compliance, law and best practices. In many ways this can protect your data and reduce and mitigate risk while saving money. This is indeed a brand advantage and shows you have made a strong effort to be compliant and secure.
In today’s volatile internet world, following these steps will identify your organization as a good steward of the data of its customers, constituents, and patients.
Kevin Goodman is the managing director, partner with BlueBridge Networks, a downtown Cleveland-headquartered data-center business. He can be reached at (216) 367-7580, firstname.lastname@example.org, www.kevinjgoodman.com, and www.bluebridgenetworks.com.