INTELLIGENT BRANDS // Cloud
The four biggest misconceptions about cloud security
The widespread adoption of cloud solutions has been driven by the myriad of associated benefits offered , such as flexibility , scalability and remote access . However , Christo van Staden , Forcepoint Regional Manager : Sub- Saharan Africa , says concerns have been raised regarding the security of these solutions .
Christo van Staden , Forcepoint Regional Manager : Sub-Saharan Africa
Many organisations take the easy way out and continue to work with their old , trusted IT infrastructure and as a result , play it safe with proven on-premise storage methods conferred by legacy IT infrastructure .
However , trust in the cloud has improved and many security concerns have been addressed by security vendors and cloud providers . Companies now utilise cloud solutions ( whether a hybrid or pure cloud ) to store their data and applications . But even though security has become much better , companies should be aware of the half-truths and myths that exist regarding cloud security . Here are the four biggest misconceptions about cloud security providers at a glance :
1 . Cloud security providers do not need to present a security certificate . Compliance teams tend to only check certificates within their own organisation and extend them where necessary . However , every partner – including the cloud security provider – must also have the correct certificates . This means that companies should request the appropriate certificates from providers before one is appointed . Failure to produce the correct certificates should raise concerns about how the provider processes and protects sensitive data .
Another tip is to have the control done by an external party . Such an audit requires time , energy and money , but some cloud security providers are unable or unwilling to make this investment . This is another factor that should be considered during the selection process .
2 . Data centres of cloud providers are always better secured than their corporate counterparts . Cloud service providers like to point out the shortcomings of private data centres to show that their own cloud solutions are better protected . This is not always true . Although the cloud does indeed offer significant security benefits , it is the providers that need to act to ensure
/////////////////////////////
that we benefit . It is not so much the infrastructure , but the extra security steps that security managers take – private or not . It is also not the case that a provider with the right certificates takes on all aspects of security .
Most cloud service providers work with a shared security model . This means that the responsibility for user behaviour , accessibility and terms of use lies with the client , and not with the cloud service provider .
3 . The more data centres a cloud service provider has , the better the performance and resilience of the infrastructure . Although a cloud solution must have multiple data centres , it is not self-evident that the amount of them affects performance . For example , Microsoft Azure , only has 30 data centres worldwide and works well . Other services with hundreds of data centres cannot always match Azure . So , while global coverage helps to reduce latency , cloud peering makes the difference when it comes to a good user experience .
4 . The security of the cloud service provider itself does not affect the costs of cybersecurity insurance . Insurance companies will review a company ’ s cybersecurity posture to determine monthly premiums . If a company is deemed to not be doing enough , then this can affect the monthly amount . Fortunately , this can be avoided by demonstrating that both the organisation and the provider are committed to optimum cybersecurity , by investing in adequate prevention of cyberthreats , good data security and data protection . •
www . intelligentcio . com INTELLIGENTCIO 65