Story image

Busting the top five myths and mistruths about cloud security

26 Jun 2018

New Zealand CIOs and CISOs are continuously having to evaluate whether their data is safe and secure. Why? Well, with several high-profile data breaches in the past few months, and the prospect of compulsory mandatory breach reporting, many organisations are directing their attention to securing and safeguarding their data.

Many companies are looking to cloud as the solution to safeguarding their data, however myths and mistruths continue to exist when it comes to security within the cloud. These myths, along with the rapid growth of technological advancements, add further complication for any company deciding on whether to migrate to the cloud.

By addressing the top five myths surrounding cloud security, organisations can use the facts to make more informed decisions as they embark on their cloud journey.

#1: "Cloud is inherently insecure"

This is without doubt the biggest myth surrounding cloud. Cloud providers take security seriously. If they didn’t, they wouldn’t have a business, it’s that simple. Cloud providers take security so seriously that they employ dozens of different security frameworks and controls, much more than the typical company would in its own facilities.

Under the proposed changes to the New Zealand Privacy Bill, providers must report privacy breaches to the Privacy Commissioner as well as to affected individuals. Providers would be liable for a fine if something goes wrong. The simple fact is, given the increased awareness about data security and the heightened regulatory environment, data in the cloud is likely to be more secure.

#2: "There are more breaches in the cloud"

For those who see off-site security for the first time, it’s hard to fathom that data stored beyond the physical can be safe, but it’s true. There are a multitude of security tools available today that didn’t exist before that can help build the best defences possible against people looking to exploit vulnerabilities.

Take cloud security solutions provider Bitglass for example. Their aim is to reduce the risk of data loss and maintain a company’s data transparency by acting as a cloud-access security broker. Bitglass is one of many cloud security tools that helps stop those looking to exploit vulnerabilities in your security.

#3: "It’s critical for me to have physical control of my data for it to be secure” 

The truth is that successful data security ultimately relies on who has access to data as opposed to the physical control of it. Setting up the right encryption and controls for the right sets of data is critical. This will ensure only those with the appropriate permission to use that data can access it. This is important given that only 9.4% of global cloud providers are encrypting data.

It is also worth noting that there are different options for handling data in the cloud. Especially as not all data is equal in value, risk and potential regulatory compliance. There is increasingly separation of what data is stored where.

#4: "I can easily use my current security tools in the cloud"

"Can I bring the tools I'm using in my data centre over to the cloud?" Unfortunately, more often than not, you can’t. While some tools will work, most won’t be able to deal with cloud-specific concerns.  Security tools must be agile, accurate and possess the ability for rapid attack identification.

#5: "Security maintenance in the cloud will be really complex and different"

This is incorrect. While specific tools may be different, they often require minor changes to securely manage cloud environments. This means most of the best practices and operational procedures for maintenance put in place before moving to the cloud can still be used to monitor and maintain security in a cloud environment.

Cybersecurity is a growing concern for New Zealand companies. If handled incorrectly, it can result in data breaches which are costly to repair on numerous levels. Given this climate, CIOs and CISOs should embrace cloud as a safe and secure solution.

Whether companies are yet to begin or have already started their cloud migration, it is inevitable that they will face a lot of questions and obstacles along the way. With robust tools and practices now available, security shouldn’t be one of them.

Article by Accenture New Zealand operations lead Suraj Sowki.

Chillisoft rounds out portfolio with file integrity vendor
Tripwire is the fourth vendor for Chillisoft in six months, adding critical security controls, vulnerability management and file integrity monitoring.
ESET researchers break down latest arsenal of the infamous Sednit group
At the end of August 2018, the Sednit group launched a spear-phishing email campaign, in which it distributed shortened URLs that delivered first-stage Zebrocy components.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Who's watching you? 
With privacy an increasing concern amongst the public, users should be more aware than ever of what personal data companies hold.
Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.
Optic Security Group celebrates Axis accolade
Auckland-based business security systems provider Fortlock has picked up an award at Axis Communications’ annual Oceania Axis Partner Summit 2019.
Managing data to comply with privacy regulations - Micro Focus
It’s crucial for organisations to be able to access, understand, and accurately classify the data they have so they know how to treat it.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.