sb-nz logo
Story image

Busting the top five myths and mistruths about cloud security

26 Jun 2018

New Zealand CIOs and CISOs are continuously having to evaluate whether their data is safe and secure. Why? Well, with several high-profile data breaches in the past few months, and the prospect of compulsory mandatory breach reporting, many organisations are directing their attention to securing and safeguarding their data.

Many companies are looking to cloud as the solution to safeguarding their data, however myths and mistruths continue to exist when it comes to security within the cloud. These myths, along with the rapid growth of technological advancements, add further complication for any company deciding on whether to migrate to the cloud.

By addressing the top five myths surrounding cloud security, organisations can use the facts to make more informed decisions as they embark on their cloud journey.

#1: "Cloud is inherently insecure"

This is without doubt the biggest myth surrounding cloud. Cloud providers take security seriously. If they didn’t, they wouldn’t have a business, it’s that simple. Cloud providers take security so seriously that they employ dozens of different security frameworks and controls, much more than the typical company would in its own facilities.

Under the proposed changes to the New Zealand Privacy Bill, providers must report privacy breaches to the Privacy Commissioner as well as to affected individuals. Providers would be liable for a fine if something goes wrong. The simple fact is, given the increased awareness about data security and the heightened regulatory environment, data in the cloud is likely to be more secure.

#2: "There are more breaches in the cloud"

For those who see off-site security for the first time, it’s hard to fathom that data stored beyond the physical can be safe, but it’s true. There are a multitude of security tools available today that didn’t exist before that can help build the best defences possible against people looking to exploit vulnerabilities.

Take cloud security solutions provider Bitglass for example. Their aim is to reduce the risk of data loss and maintain a company’s data transparency by acting as a cloud-access security broker. Bitglass is one of many cloud security tools that helps stop those looking to exploit vulnerabilities in your security.

#3: "It’s critical for me to have physical control of my data for it to be secure” 

The truth is that successful data security ultimately relies on who has access to data as opposed to the physical control of it. Setting up the right encryption and controls for the right sets of data is critical. This will ensure only those with the appropriate permission to use that data can access it. This is important given that only 9.4% of global cloud providers are encrypting data.

It is also worth noting that there are different options for handling data in the cloud. Especially as not all data is equal in value, risk and potential regulatory compliance. There is increasingly separation of what data is stored where.

#4: "I can easily use my current security tools in the cloud"

"Can I bring the tools I'm using in my data centre over to the cloud?" Unfortunately, more often than not, you can’t. While some tools will work, most won’t be able to deal with cloud-specific concerns.  Security tools must be agile, accurate and possess the ability for rapid attack identification.

#5: "Security maintenance in the cloud will be really complex and different"

This is incorrect. While specific tools may be different, they often require minor changes to securely manage cloud environments. This means most of the best practices and operational procedures for maintenance put in place before moving to the cloud can still be used to monitor and maintain security in a cloud environment.

Cybersecurity is a growing concern for New Zealand companies. If handled incorrectly, it can result in data breaches which are costly to repair on numerous levels. Given this climate, CIOs and CISOs should embrace cloud as a safe and secure solution.

Whether companies are yet to begin or have already started their cloud migration, it is inevitable that they will face a lot of questions and obstacles along the way. With robust tools and practices now available, security shouldn’t be one of them.

Article by Accenture New Zealand operations lead Suraj Sowki.

Story image
Why best-practice threat data management provides confident automation
Understanding an organisation’s threat landscape requires having both the right threat data sources and the proper prioritisation to derive actionable threat intelligence for your organisation. More
Story image
Video: 10 Minute IT Jams – A glimpse inside a ransomware cell
This is our second IT Jam with SonicWall senior manager of product marketing Brook Chelmo, and in this video Brook walks us through his one-on-one experience with a member of a ransomware cell. More
Story image
BayCom partners with NICE inContact to offer cloud contact centre platform in NZ
“With our extensive experience in the industry, BayCom has the ability to design, implement and support CXone nationwide, providing organisations with an industry-leading Contact Centre as a Service (CCaaS) solution to deliver on their customer experience strategies.”  More
Story image
Palo Alto Networks extends cloud native security platform with new modules
Palo Alto Networks has announced the availability of Prisma Cloud 2.0, including four new cloud security modules, thus extending its Cloud Native Security Platform (CNSP). More
Story image
Radware launches DDoS protection for online gaming
“Online games are a massive, multi-billion-dollar industry, but they frequently fall victim to powerful and targeted DDoS attacks,"More
Link image
The importance of data resilience in the current cybersecurity climate
Protecting an organisation's data is one of the most crucial functions of any CISO. Strategies should be in place where data is stored securely and cost-effectively.More