The benefits for business in an increasingly connected world are many, but with those benefits there are also multiple security concerns.  The adoption of the cloud is a perfect example of this reality.

 

The cloud gives enterprises a way to maximize time and profits thanks to the speedy and real-time information sharing potential it offers.  At the same time, this possibility also makes the sensitive data accessible to anyone who can penetrate the company’s network and/or the cloud that stores all their data.

 

Recent surveys have shown that one of the reasons for slow adoption of the cloud includes security in the cloud.  Many businesses are concerned with unauthorized access, account hacking, malicious insider threat, insecure APIs, and DoS attacks.

 

Other barriers also include the security standing of third party companies and business partners. Security executives are concerned if these businesses are meeting compliance regulations and if their risk management posture takes care of all the potential threats present today.

 

Furthermore, employees have access to the personal storage services from the corporate network.  These factors also create additional risks with the use of the cloud, since the date is in the network and because employees and visitors pose risks to data privacy and potential leak of sensitive data (if they were to share that sensitive corporate data outside the company).

 

Even though there are concerns over security in the cloud, companies have started to store intellectual property, customer data, sensitive financial data and employee healthcare data in the cloud.  Until security becomes a priority though, adoption will stay slow and any information in the cloud is at risk.  This can mean financial damage to a company.

 

What CIOs and executives can do if they wish to speed up the cloud adoption process and reduce risks is implement a holistic security program.  Conducting a third party risk assessment to check the enterprise network for vulnerabilities, checking the configuration of routers and firewalls, training employees on security, keeping policies and procedures up to date, reducing the communication gap between the C-Suite and the CIO.  These are all great places to start.

 

Realizing that security is part of the business process and ensuring continuous monitoring, as well as investing in a long-term partnership with outside help to add to the company’s security team are the only way executives can hope to avoid a mega breach that could ruin their business.
What are you doing to improve security in the cloud?

Photo courtesy of Maksim Kabakou