One of the top fears for businesses thinking of adopting public cloud infrastructure is the notion that it is public, and therefore unsecure. However, publicly-available cloud resources can be as secure as other computing environments through the joint efforts of IT and service providers.
Jim Hamilton, Vice President, Member Communities, CompTIA, said, “Despite the questions security incidents raise, transition to the cloud continues to accelerate, thanks to the benefits that can be gained in areas such as agility or scalability.
“Companies beginning the long road to shifting their data and services to the public cloud often get side-tracked by security concerns. Most security concerns revolve around system outages and data loss. By identifying and mapping out how to respond to these concerns organisations can move forward knowing that their security is covered.”
CompTIA has identified five ways organisations can tackle their security concerns:
1. Know the risks. One of the primary technologies supporting cloud computing is virtualisation, and it is important to understand how this may affect a security strategy. The management tools provided by virtualisation vendors can assist with the necessary activities to secure a virtual environment. The most important tool is a proper understanding of the environment and its risks, and knowledge of the governing policies used by cloud vendors to minimise them.
2. Build on trust through evaluation. Most cloud users (85 per cent) report being confident or very confident in their cloud service provider’s security*, despite the fact that only three in 10 customers report conducting a comprehensive review of the security policies, procedures, and capabilities of their providers. This indicates that most public cloud customers place a lot of trust in their providers. However, it is important to back up this trust by evaluating cloud providers further in areas such as encryption policies and disaster recovery plans.
3. Understand that not all data is meant for the cloud. All signs point to even greater levels of cloud adoption in the coming years, but it could be some time before organisations use the cloud for the majority of their systems. Certain types of data and applications, such as confidential financial data, credit card data, and sensitive IP will remain on-premise. For organisations especially concerned about security, there will continue to be a need for secure on-premise solutions.
4. Know compliance requirements. Organisations transitioning to the cloud need to know their compliance requirements or risk discovering a security-related element that forces a change of plans after a data breach incident. IT solution providers and cloud vendors can provide an additional layer of compliance assurance. 5.
Understand different views of security. Cloud computing lowers the barrier of entry to technology and gives access to areas that have traditionally required cooperation with the IT department. Yet business staff who begin using cloud solutions without the backing of the IT team may not be considering where data is being stored, what happens in case of an outage, or how the cloud tool is integrated into other business systems. To help combat potential problems with which this approach, it is important businesses understand individual departments’ desire for cloud solutions regardless of the security profile they present, and implement company-wide policies to help combat them.
*CompTIA’s 9th Annual Information Security Trends study
About CompTIA Information Technology
The Computing Technology Industry Association (CompTIA) is a non-profit trade association serving as the voice of the information technology industry. With approximately 60,000 member companies, registered users and 3,000 academic and training partners and more than two million IT certifications issued, CompTIA is dedicated to advancing industry growth through educational programs, market research, networking events, professional certifications and public policy advocacy.