SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Busting the top five myths and mistruths about cloud security
Tue, 26th Jun 2018
FYI, this story is more than a year old

New Zealand CIOs and CISOs are continuously having to evaluate whether their data is safe and secure. Why? Well, with several high-profile data breaches in the past few months, and the prospect of compulsory mandatory breach reporting, many organisations are directing their attention to securing and safeguarding their data.

Many companies are looking to cloud as the solution to safeguarding their data, however myths and mistruths continue to exist when it comes to security within the cloud. These myths, along with the rapid growth of technological advancements, add further complication for any company deciding on whether to migrate to the cloud.

By addressing the top five myths surrounding cloud security, organisations can use the facts to make more informed decisions as they embark on their cloud journey.

#1: "Cloud is inherently insecure"

This is without doubt the biggest myth surrounding cloud. Cloud providers take security seriously. If they didn't, they wouldn't have a business, it's that simple. Cloud providers take security so seriously that they employ dozens of different security frameworks and controls, much more than the typical company would in its own facilities.

Under the proposed changes to the New Zealand Privacy Bill, providers must report privacy breaches to the Privacy Commissioner as well as to affected individuals. Providers would be liable for a fine if something goes wrong. The simple fact is, given the increased awareness about data security and the heightened regulatory environment, data in the cloud is likely to be more secure.

#2: "There are more breaches in the cloud"

For those who see off-site security for the first time, it's hard to fathom that data stored beyond the physical can be safe, but it's true. There are a multitude of security tools available today that didn't exist before that can help build the best defences possible against people looking to exploit vulnerabilities.

Take cloud security solutions provider Bitglass for example. Their aim is to reduce the risk of data loss and maintain a company's data transparency by acting as a cloud-access security broker. Bitglass is one of many cloud security tools that helps stop those looking to exploit vulnerabilities in your security.

#3: "It's critical for me to have physical control of my data for it to be secure” 

The truth is that successful data security ultimately relies on who has access to data as opposed to the physical control of it. Setting up the right encryption and controls for the right sets of data is critical. This will ensure only those with the appropriate permission to use that data can access it. This is important given that only 9.4% of global cloud providers are encrypting data.

It is also worth noting that there are different options for handling data in the cloud. Especially as not all data is equal in value, risk and potential regulatory compliance. There is increasingly separation of what data is stored where.

#4: "I can easily use my current security tools in the cloud"

"Can I bring the tools I'm using in my data center over to the cloud?" Unfortunately, more often than not, you can't. While some tools will work, most won't be able to deal with cloud-specific concerns.  Security tools must be agile, accurate and possess the ability for rapid attack identification.

#5: "Security maintenance in the cloud will be really complex and different"

This is incorrect. While specific tools may be different, they often require minor changes to securely manage cloud environments. This means most of the best practices and operational procedures for maintenance put in place before moving to the cloud can still be used to monitor and maintain security in a cloud environment.

Cybersecurity is a growing concern for New Zealand companies. If handled incorrectly, it can result in data breaches which are costly to repair on numerous levels. Given this climate, CIOs and CISOs should embrace cloud as a safe and secure solution.

Whether companies are yet to begin or have already started their cloud migration, it is inevitable that they will face a lot of questions and obstacles along the way. With robust tools and practices now available, security shouldn't be one of them.