Simplifying the Cloud: Is your data secure?

The last few years have been challenging for information security professionals. The “bad guys” are getting smarter, and established ways of securing data often do not work as well as they once did. Hardly a week goes by without a data theft story appearing in the news, keeping cyber security in the public consciousness.

According to a recent study by the Identity Theft Resource Center, 781 data breaches occurred in 2015—more than twice that of 2014. Even more alarming, the worst attacks appear to be coming from cybercriminals and terrorists, not from insiders. Attackers are using stolen or compromised credentials to access all types of data—financial information, personally identifiable information (PII), and personal health information (PHI). Further complicating this trend is the rise of outsourcing, as we increasingly rely on third parties to help perform business functions. From traditional outsourcing to public cloud and big-data applications to the emerging “internet of things,” the data supply chain is expanding. This exponentially increases the number of people with access to sensitive data; therefore, security concerns are often the primary reason why some businesses have yet to embrace the Cloud.

Data Security Concerns

According to a 2015 Cloud Security Alliance survey, 61 percent of company executives are concerned about the security of data in the Cloud. If an enterprise is already hesitant about putting customer or patient data in the Cloud, it certainly would not consider putting the security functions designed to protect that data (e.g., malware, threat monitoring, firewalls, virus detection, etc.) in the Cloud, either.

However, in many cases, turning to a cloud-based service provider can actually provide better security than in-house efforts. Unless your business has an army of security specialists, chances are that a service provider has more and better security expertise, staff, and tools than your business.

I’m not a security expert, but I’ve talked with a number of security specialists, and they all agree that businesses have to consider the following security categories when protecting their data. Keep in mind that each area has its own set of tools, procedures, and management disciplines:

• Firewalls and next generation firewalls (NGFW)
• Network security (anti-virus, intrusion detection) and VPN
• Identity and Access Management (IAM)
• Cloud Access Security Brokers (CASB)
• Data Loss Protection (DLP)
• Data protection (encryption, etc.)
• Distributed Denial of Service (DDOS)
• Security Infrastructure & Event Management (SIEM) and security log management & analytics
• Vulnerability management (penetration testing, patching, and configuration management)

Cloud Services' Solution

Many businesses do not have sufficient staff or expertise to manage each of these categories, but most cloud service providers do. Security is a critical element to their business, not only for their own data, but also as custodian of their clients’ data. In fact, Tony Scott—U.S. CIO and formerly CIO of Walt Disney, Microsoft, & VMWare—recently told CIO Magazine that, “I think today the better bet is to get to the Cloud as quickly as you can because you’re guaranteed to have better security there than any private thing you can do.”

While no one can fully prevent a security breach, it’s clear that cloud service providers can actually improve your chances of combatting security threats. Visit C Spire’s website to see our cloud services offerings and learn more about how we can help you keep your data secure. 

Want to know more about cloud computing? Read other articles in my "Simplifying the Cloud" series:

• Simplifying the Cloud 
• Driving Business Value
• Getting Started
• Cases for Colocation Success 
• Public, Private, or Hybrid for your Business?