Even in its mature phase, cloud computing can’t seem to move away from security concerns associated with it. Years after its breakthrough as a mainstream technology for organizations of different sizes, the cloud still represents a challenge in terms of managing data security, primarily because of IT infrastructure’s increased complexity.
As data growth rate accelerates, both SMBs and enterprises keep introducing new cloud solutions to support their storage and collaboration needs. In many cases, they opt for hybrid cloud environment to make a balance between costs and security.
However, this form of hybridity additionally complicates the job for security administrators, who need to coordinate critical operations across multiple platforms, vendors and departments.
Top 5 Enterprise Security Challenges
When it comes to some more specific problems related to managing security in the cloud, an insightful look into these was offered in a recent ESG research that surveyed 150 infosec professionals and revealed the following:
- Coordinating security operations across multiple private/public cloud offerings – 32%
- Increased communication problems between cyber security and other IT teams – 31%
- Inability to align security controls applied to physical assets & cloud infrastructure – 24%
- Troubleshooting security control problems in cloud infrastructure – 22%
- Security controls associated with the migration of workloads from physical servers to the cloud – 21%
Commenting on these findings, Jon Oltsik, a senior principal analyst at ESG highlights the major difference between security concerns that troubled CIOs few years ago and those that are dominant today:
“A few years ago, CISOs were concerned about the conceptual security of the cloud. Now they are anxious about the practical realities around how they can extend their existing cyber security skills, processes, and controls to enforce security policies and monitor activities in the cloud.”
Indeed, cloud security has evolved from an abstract fear to a practical challenge related to the implementation of intelligent security systems, which is another field that proliferated over the last few years. CIOs now have a greater variety of outsourced solutions at their disposal, but they need to be wise about choosing them in order to avoid the implied management complexities.
Precisely because of this, many enterprises prefer to stay with more traditional, on premise data storage solutions. As opposed to the cloud, on-premise guarantees that internal teams will be fully responsible for managing data security, but is this really a good idea? Some experts don’t think so.
Cloud vs On-Premise
Historically, on premise infrastructure has been seen as a more secure setting for sensitive company information. It is typically easier to manage because no responsibility is shared with third-parties, which largely facilitates certain processes.
These are just some of the reasons why 70% of IT security practitioners agree that managing privacy and data protection regulation on premise is much simpler on premise than in the cloud environment.
However, other experts believe that not even on-premise is the ultimate answer. As pointed out by Patric Heim, Dropbox Security Chief in a recent interview for CSO, the track record of cloud computing is significantly better than the track record for keeping data on premise:
“The big challenge organizations have, when you look at some of these breaches, is they’re not able to scale up to secure the really complicated in-house infrastructures they have.”
This is simply because Dropbox, Amazon and Google. Other tech giants are able to hire better security experts than most companies. Although organizations have been trying to overlook this fact in the early years of cloud adoption, today it’s clear that this is actually a great advantage of using cloud services
Shadow IT & Employee Responsibility
In addition to the challenges discussed above, the very use of cloud apps among employees is an aspect that brings increased challenges to managing data security. Namely, cloud apps are found to be the major source of shadow IT and thus a potential threat to data security.
According to an earlier report by Cipher Cloud, 86% of cloud apps used by enterprises fall into the category of shadow IT. In relation to this, CSA reports that among that are most frequently banned apps are:
- Dropbox, blocked in 80% of organizations
- iCloud, blocked in 50% of organizations
- Facebook, blocked in 50% of organizations
The report also notes that some organizations block these apps at their own peril, but this is another form of cloud computing that is becoming an increasing threat to security. As the employee mobility grows and as they become more dependent on their personal devices to complete tasks, controlling data storage and transfer in the company becomes increasingly difficult.
Remote Access & Network Security
Cloud-powered environment often relies on third-party businesses and partners that manage specific implementations. This means more people are able to access the company network, which brings a new form of risk for, especially in combination with increased employee mobility.
Given the multiplicity of locations and platforms from which company networks are accessed nowadays, companies clearly need advanced solutions to prevent network breaches.
In fact, remote access and third-party IT components accounted for a surprisingly large number of breaches in 2014, according to SecureLink. As pointed out in their resource, a part of the problem lies in the fact that organizations have increased interactions with their consumers, partners and employees.
Naturally, the greater the number of tools used for communication, the more possibilities there are for hackers to intercept data transfers This is particularly important for organizations that work in security legislated industries such as healthcare, finance and government.
Such institutions have an increased focus on security and need to ensure all the systems they use are compliant with industry regulations.
Despite improvements in the field, cloud security is likely to remain a challenge for security professionals for years to come. However, as opposed to the initial stages of cloud development, current settings are worried about practical implementation of security systems rather than the cloud itself.
This is certainly a significant improvement, but more skills and education are needed for security professionals to handle all the problems that could arise.