It's a Love-Hate Relationship: Why it's Still Important to Keep Data Secure in the Cloud

Did you think the holiday shopping season was over because the tree’s come down and the New Year’s confetti is cleaned up? Think again! With Valentine’s Day happening  and consumers scrambling for that perfect last-minute gift, it can be an easy target for hackers to take advantage of that love-induced gift-giving frenzy and break some hearts, aka your personal data. In an age where there seems to be another breach or compromised data story in the news each week, it’s not surprising that your data isn’t the only thing up for grabs; your trust in that company or brand is on the line too. A breach carries significant costs in brand reputation, future buying behavior and lost revenue. Businesses need to act rather than react and invest in proper security measures before a weakening attack occurs. It’s apparent some understand this critical need with the global market for enterprise network security set to rise to $12.5 billion by 2015, according to IDC.

Security is at the heart of the successful adoption of emerging technologies such as mobile, Big Data and cloud. In a recent cloud computing usage survey, 65 percent of participating organizations mentioned security as the top obstacle to cloud adoption. This poses a two-fold opportunity for organizations: embrace cloud and innovation in the business, and re-assess and enhance the security posture of an enterprise’s core valuable digital assets.

The sheer amount of data that needs to be managed for businesses and their customers creates new privacy challenges that are increasing daily. The rush to follow trends such as mobile and cloud without a robust security strategy can leave a company open to breaches and heartache like a middle school dance.

For these reasons and more, old security approaches just won’t cut it when it comes to these new technologies. Because cloud environments are provisioned automatically, so too must be the security.   This is about being agile; we need to be able to stand up the security infrastructure at the same time we stand up the virtual environment for everything else.

Don’t let these points scare you, though! By leveraging an automated security by design approach in the cloud environment, there is greater access to people with security skills, technology that spans traditional and cloud environments and enhanced rigor in the governance processes. In our experience with enterprise clients adopting could, there are five best practices that help re-asses the approach to cloud security and reap the beneficial rewards.

• Step 1: Establish your position on security and risk – “Need full visibility” should be your motto here. Getting intelligent about your stance on security is important so you know what you are up against in terms of security risks. Enterprises do this confidently by establishing a security intelligence program that allows them to continuously monitor their security and risk posture. Remember: risk isn’t just associated with security. A security breach has a significant impact on your customer data, as well as your overall business and brand integrity.
• Step 2: Protect the crown jewels – The type of data you have will impact what applications you choose to move to the cloud. We’re finding that customers are taking a cautious approach in evaluating what applications to move and how to secure that data. The majority of data security breaches happen around databases, so you should apply data activity monitoring technology to gain visibility about access to data – from structured data bases, to unstructured systems, to big data platforms. This is true for data in both cloud and traditional environments.
• Step 3: Get to know your user – The user is the first point in each and every transaction. It’s imperative to not only verify a user’s identity, but to also manage access based on who they are and what they are accessing. With a hybrid approach, successful deployment and adoption applies federated identity management technologies to address business needs and user experience.
• Step 4: Gain assurance of your apps – With the increased use of apps comes the increased risk of attacks that take advantage of vulnerabilities. In order to keep a clean application environment, you must scan applications and test them regularly for vulnerabilities as part of application development. We are seeing this become a part of the devOps process that is fundamental to cloud.
• Step 5: Protect against threats and fraud – With the influx of multiple mobile devices per user, mobile and endpoint devices can also be compromised with malware, leading to hijacked user credentials and fraud. A combination of malware protection, endpoint management and mobile security should be put in place to effectively mitigate threats and prevent fraud

Despite the obvious challenges, enterprises should look to adopt cloud to both optimize their infrastructure and innovate around new ways to interact with their customers. Cloud has the ability to provide enhanced security for your enterprise if executed correctly and safely. Educate your customers and employees so as to avoid any security pitfalls and avoid being broken-hearted. 

A self-described “Big Thinker, Innovator, and Technologist with a day job as an IBM (News - Alert) Security Exec,” Caleb Barlow is the director of Application, Data and Mobile Security at IBM. His popular online podcasts cover the ins and outs of information security, both from a business and a consumer perspective, and more than 8,000 users follow him on Twitter (News - Alert) for the latest happenings in the world of cybersecurity and technology. Caleb is also an expert in various social technologies – in his previous role at IBM he was the director of Unified Communications (News - Alert) and Collaboration, where he was responsible for the voice, video, web conferencing, instant messaging and social business communications under the IBM Sametime brand.