There is an old adage – “When you pick up one end of a stick, you also pick up the other” – that business leaders need to keep in mind when investing in digital innovation. While cloud adoption can add new levels of performance, productivity, and responsiveness to their organization, the other end of that stick includes new levels of cybersecurity risk. And these risks can impact the entire network if not proactively addressed.
Nearly three in four organizations now have at least one application in the cloud. And nearly all organizations plan to do more. But that means that the vast majority of organizations are also in the process of rapidly migrating data, applications, and workflows to the cloud. As a result, they also having to balance a complex collection of legacy network components and traditional applications with their cloud counterparts. And increasingly, they are also dealing with multiple clouds at the same time, as more than 80% are using two cloud providers, and nearly two-thirds are utilizing three or more.
In addition to any benefits being derived, the results also include overtaxed IT teams, dramatically decreased visibility, and layers of new inefficiencies resulting – which all add up to serious security risks.
“The ease of cloud deployment is a significant factor in that risk creation. Essentially, anyone in an organization can transfer data or an app to the cloud — often creating complicated silos of different clouds for different applications, all without adherence to adequate security policies and without proper monitoring and tracking of security incidents. And once those apps are out there, inadequately protected, it can be difficult to bring them back into compliance.”
—Michael Xie, The Other End Of The Cloud, Forbes
Part of the challenge is the mistaken assumption that cloud providers handle data protection. Instead, the cloud uses a shared security model where the cloud provider secures the underlying infrastructure, while the customer is responsible for securing the applications, data, and services they run in their cloud environment. And that data is increasingly traveling across a rapidly expanding network of clouds, branch offices, and mobile users. So, unless security has the ability to seamlessly follow your data wherever it might travel, that information is vulnerable.
To address this challenge, organizations require a comprehensive security strategy that can span all networked environments, IoT and end user devices, and mobile access points. This starts by knowing where your data lives, understanding the nature of that data and the applications and devices that use it. Next, you need to assess your security policies to ensure that they can be enforced consistently across your dynamically evolving network, including continuously updated cloud-based applications, the rapid adoption of IoT, and exponentially growing volumes of data. You also need to consider how the health and security of those cloud-based applications will be monitored and managed as part of your information security framework.
The cloud is a powerful tool, but it is not a magical solution for today’s data needs. It has surface simplicity that can mask serious complexities, especially in terms of security, that if not done right, can create more challenges than it solves.
“If companies don’t rethink their security architectures to meet the requirements of the cloud, their businesses will suffer. As more and more data, workloads and applications are being offloaded to the cloud, especially via IoT devices, a seamless security strategy is imperative. Those who design that security strategy at the outset will achieve the many benefits of cloud deployment. Those who do not, though, will quickly discover that the other end of the cloud is risk.”
—Michael Xie, The Other End Of The Cloud, Forbes