When the cloud first emerged, there were more than a few companies and users that were unsure about putting their sensitive information and trust in a system that resided in the virtual environment of the Internet. Many believed that shifting important data from on-premise solutions to those accessible through the Web would make it easier for cyberattackers to breach, snoop and steal this content. Thankfully, many of these fears have been put to rest in recent years, particularly as a considerable number of users have discovered that the cloud can serve to boost data protection.
However, this doesn’t mean that enterprises have shifted their focus away from cloud security. In fact, informational safety in the cloud is still a top priority for many businesses, and decision-makers and network administrators alike are continually looking for ways to enhance their protections of content stored in Web-based environments.
Research shows cloud security still a main focus
More than a few recent studies show that cloud security is still considered a top priority in the majority of industrial sectors. Particularly as groups in oil and gas, healthcare and other industries increasingly leverage cloud systems, the security of these solutions remains front and center for decision-makers.
These were the findings of Peak 10’s annual U.S. market survey to identify the trends of 2015 and 2016. Researchers discovered that cloud computing alongside IT security maintained their positions at the top of the list of corporate priorities.
“IT directors overwhelmingly cited the cloud as #1 when asked what their priorities for products and services will be over the coming 12-18 months,” Peak 10 noted. “Security was mentioned hand-in-hand with the cloud, a concern among all IT professionals – present and future – regardless of where data resides or how it’s transmitted.”
A study from The National Association of State CIOs illuminated similar results, with cybersecurity ranking as the first priority and the cloud coming as the second main focus for this year. This survey found that not only are security improvements a main goal for the enterprise community, but governing agencies as well. Stu Davis, Ohio CIO and NASCIO president, told CSO that CIOs, CISOs and governors named cybersecurity as a top priority.
However, the NASCIO study also showed that there are obstacles, particularly when it comes to funding, with group’s boosted focus on data protection.
“The improving economy and states’ growing commitment to cybersecurity have led to an increase – albeit small – in budgets,” the NASCIO report stated. “Nevertheless, budgets are still not sufficient to fully implement effective cybersecurity programs – it continues to be the top barrier for CISOs.”
Enhancing cloud security: Tips for Web-based data protection
Despite budgetary constraints, there are a number of strategies enterprises can use to bolster their cloud security. For instance, Forsythe recommended forming a proactive attack strategy by assuming that the organization has already been breached. By practicing as though an infiltration has already taken place, the organization can view their plan through an active lens, as opposed to something that they will utilize when the time comes.
“Social networking, cloud computing, mobile devices and the ubiquity of information have shifted information technology paradigms and opened new avenues of attack,” Forsythe stated. “Learn the critical elements of a successful advanced persistent threat defense strategy, assemble the right team and implement the plan.”
Businesses can also better guard against attack by encrypting its mission-critical information before migrating it over to a cloud environment. This way, the organization is in charge of the decryption key, and sensitive details are hidden from all but those with access to the right authentication credentials and the key. Encryption should be implemented on all important data, particularly customer information, details about internal business processes and other content that would offer an attractive target for cybercriminals.
Forsythe also suggested examining the organization and its activities to identify any and all vulnerabilities that might exist. This way, decision-makers and security administrators can better pinpoint areas that might provide an entrance to malicious actors and work proactively to mitigate these risks. This also helps address financial restrictions when it comes to cloud security.
“By understanding their risks, organizations can target limited security dollars and resources,” Forsythe noted.
Finally, network administrators should also work with their cloud service providers to ensure that their cloud security is extended from the business to the data center. This way, any gaps that might exist between cloud users and the vendor can be identified and bridged before they give way to an attack. During this process, decision-makers should seek details about what protections the service provider has in place and how these will interact with the security measures on the side of the business. This will help create a more unified cloud security system to safeguard information being stored and accessed in the Web-based solution.