Story image

Busting the top five myths and mistruths about cloud security

26 Jun 2018

New Zealand CIOs and CISOs are continuously having to evaluate whether their data is safe and secure. Why? Well, with several high-profile data breaches in the past few months, and the prospect of compulsory mandatory breach reporting, many organisations are directing their attention to securing and safeguarding their data.

Many companies are looking to cloud as the solution to safeguarding their data, however myths and mistruths continue to exist when it comes to security within the cloud. These myths, along with the rapid growth of technological advancements, add further complication for any company deciding on whether to migrate to the cloud.

By addressing the top five myths surrounding cloud security, organisations can use the facts to make more informed decisions as they embark on their cloud journey.

#1: "Cloud is inherently insecure"

This is without doubt the biggest myth surrounding cloud. Cloud providers take security seriously. If they didn’t, they wouldn’t have a business, it’s that simple. Cloud providers take security so seriously that they employ dozens of different security frameworks and controls, much more than the typical company would in its own facilities.

Under the proposed changes to the New Zealand Privacy Bill, providers must report privacy breaches to the Privacy Commissioner as well as to affected individuals. Providers would be liable for a fine if something goes wrong. The simple fact is, given the increased awareness about data security and the heightened regulatory environment, data in the cloud is likely to be more secure.

#2: "There are more breaches in the cloud"

For those who see off-site security for the first time, it’s hard to fathom that data stored beyond the physical can be safe, but it’s true. There are a multitude of security tools available today that didn’t exist before that can help build the best defences possible against people looking to exploit vulnerabilities.

Take cloud security solutions provider Bitglass for example. Their aim is to reduce the risk of data loss and maintain a company’s data transparency by acting as a cloud-access security broker. Bitglass is one of many cloud security tools that helps stop those looking to exploit vulnerabilities in your security.

#3: "It’s critical for me to have physical control of my data for it to be secure” 

The truth is that successful data security ultimately relies on who has access to data as opposed to the physical control of it. Setting up the right encryption and controls for the right sets of data is critical. This will ensure only those with the appropriate permission to use that data can access it. This is important given that only 9.4% of global cloud providers are encrypting data.

It is also worth noting that there are different options for handling data in the cloud. Especially as not all data is equal in value, risk and potential regulatory compliance. There is increasingly separation of what data is stored where.

#4: "I can easily use my current security tools in the cloud"

"Can I bring the tools I'm using in my data centre over to the cloud?" Unfortunately, more often than not, you can’t. While some tools will work, most won’t be able to deal with cloud-specific concerns.  Security tools must be agile, accurate and possess the ability for rapid attack identification.

#5: "Security maintenance in the cloud will be really complex and different"

This is incorrect. While specific tools may be different, they often require minor changes to securely manage cloud environments. This means most of the best practices and operational procedures for maintenance put in place before moving to the cloud can still be used to monitor and maintain security in a cloud environment.

Cybersecurity is a growing concern for New Zealand companies. If handled incorrectly, it can result in data breaches which are costly to repair on numerous levels. Given this climate, CIOs and CISOs should embrace cloud as a safe and secure solution.

Whether companies are yet to begin or have already started their cloud migration, it is inevitable that they will face a lot of questions and obstacles along the way. With robust tools and practices now available, security shouldn’t be one of them.

Article by Accenture New Zealand operations lead Suraj Sowki.

Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”
CylancePROTECT now available on AWS Marketplace
Customers now have access to CylancePROTECT for AI-driven protection across all Windows, Mac, and Linux (including Amazon Linux) instances.