If you’re a business leader investing in the incredible benefits of cloud deployment, there is an old adage that can help focus your understanding and help you avoid creating serious security problems: When you pick up one end of the stick, you also pick up the other.
Organizations reaching to achieve the substantial benefits of the cloud must also realize that they are also simultaneously picking up entirely new levels of data-protection challenges. These challenges can quickly — even instantly — deliver new degrees of cybersecurity risk that can and will impact their entire network if not addressed proactively from the start.
There is no doubt that the agility and efficiency of cloud deployment have been transformative, allowing organizations to meet the demands of and keep pace with a digitally driven, globally connected economy. With incredible efficiency and agility, the cloud has allowed organizations to deploy their most critical business applications with exciting new levels of responsiveness.
As a result, more than 70% of organizations now have at least one application in the cloud, and 17% plan to have a cloud deployment within the year. That is an extraordinary adoption rate for any technology — and proof that the solutions the cloud offers are intensely needed.
But when we reflect on those stats, another fact is revealed.
Unless a business is a relatively new startup that has had the foresight to go all-in on cloud deployment from the very outset, the vast majority of organizations are now in the process of migrating data to the cloud, managing hybrid infrastructures in a complicated balance of legacy network components and traditional applications. Increasingly, these organizations are dealing with multiple clouds, as well: More than 80% of companies in the cloud are using two cloud providers, and more than 60% are utilizing three or more.
For these companies, the benefits of the cloud are often overshadowed by confusion, dramatically decreased visibility and layers of new inefficiencies. Added up, it presents new and serious security risks. That’s because digital innovations without effective cybersecurity are far more efficient at creating risks than improvements.
The ease of cloud deployment is a significant factor in that risk creation. Essentially, anyone in an organization can transfer data or an app to the cloud — often creating complicated silos of different clouds for different applications, all without adherence to adequate security policies and without proper monitoring and tracking of security incidents. And once those apps are out there, inadequately protected, it can be difficult to bring them back into compliance.
Think of it like putting something online. It’s much easier to post something than it is to take it down once it is out there. While no one would ever tweet their Social Security number or critical personal information — thinking they can just delete the tweet if anything bad happens — that is essentially what many companies are doing without realizing it. However, a conscientious approach and clear understanding of cloud security best practices can prevent this before it happens.
Often, the assumption is made that cloud providers will handle data protection. That’s not the case. The cloud forces a shared security model on organizations, where the cloud provider secures the underlying infrastructure, while the customer is responsible for secure communications, access control, application security and so on. So, while cloud providers firewall the infrastructure, they don’t protect the data an organization accesses relentlessly in the course of operations. That responsibility falls on the organization. That data is traveling back and forth across a vast and widely dispersed network of business users, in and out of many different clouds provided by multiple vendors and applications — in an ever-expanding and often invisible attack surface. Unless security has the ability to follow the data across all points, that information is vulnerable.
Increasingly, it is common for business leaders to have an incomplete understanding of what information has been placed in the cloud, what cloud vendors are being used and whether security protocols align across those vendors and an internal network. This doesn’t even take into account the wide degree of devices that access the data in an ever-sprawling edge of internet of things and mobile access points.
To address the realities of this new normal, a comprehensive security strategy must come first.
IT leaders should start any cloud deployment process by mapping out the nature of their data, then pivoting to assess their security policies and how those policies can be extended to ensure that cloud-based applications and data are compliant. They should also consider how the health and security of those cloud-based applications will be monitored and managed as part of an enterprise information security fabric.
As business becomes increasingly digitally driven, managing the amount of data companies leave in the wake of daily operations has become a formidable and intensifying challenge. For many, the cloud offers an easy solution to the spiraling costs of managing data centers, and many IT teams feel the pressure to deliver 100% cloud migration. But the cloud is not a magical solution for today’s data needs. It is a powerful tool with a surface simplicity that can mask serious post-deployment complexities if not done right. Companies that fail to recognize this often create more challenges than they solve — and spend far more than they save.
If companies don’t rethink their security architectures to meet the requirements of the cloud, their businesses will suffer. As more and more data, workloads and applications are being offloaded to the cloud, especially via IoT devices, a seamless security strategy is imperative. Those who design that security strategy at the outset will achieve the many benefits of cloud deployment. Those who do not, though, will quickly discover that the other end of the cloud is risk.