Several things are on the rise where the Cloud is concerned.
Ever more organizations are taking advantage of the Cloud: its universality; its ready storage potential for shared data (or even static, backed-up data); its grant of access to networks; its dispensation of services, and so on. Rising use by a rising number of organizations and org-types is paired with something else, however…
Also on the rise are attacks on the Cloud, and resultant successful breaches. Darn! Every time I begin to sense a perfect world, something comes along to burst my bubble.
The Cloud is attractive in that it is cost efficient: Storage is inexpensive, easily mounted and maintained, and again – there’s the ready access as enabled by the web. How about Software as a Service (SaaS)? Again, ready access and use. Further, utility and production easily “drop” from the Cloud to any desktop, any device (with proper access and authentication) – and a user is off and running.
But recognize that whether it’s data, apps, tools or services, something very fundamental – perhaps as fundamental as it can possibly get – is shifting. The enterprise, the organization, no longer harbors security. The organization no longer controls security – as in the days of an in-house discrete network, with a room of servers, and a workstation population largely within four walls (whether literally or figuratively) of… the organization’s control.
When things move to the Cloud, recognize that a service provider, a vendor, a solutions partner – whatever you’re using and/or choose to call it – is now running the security show. You must ensure that they have best security practices in place: constant survey, adjustments, upgrades, risk assessments, notifications – in service to a leading security edge, not a lagging one – a proactive security posture.
You’d better do some due diligence. Why? Who manages security in these circumstances? The answer – the only answer that counts from the enterprise’s perspective – is: someone other than the enterprise. And this leaves you vulnerable: ensure you get the actual security you need, demand, and pay for in these circumstances.
And yet: Indemnification for breaches and losses is always difficult to negotiate. Cloud services providers (including storage as a service) aren’t exactly in a posture of “Use at your own risk”, but because attacks are always evolving, and breaches can expose providers to catastrophic loss, it’s tough to ascertain just how secure any environment is in the Cloud – and contracts can be difficult to negotiate and discern.
But don’t get lazy and sign off on something you’re not comfortable with. Search and select your partners carefully. Then, survey contracts, guarantees, and remunerations. Don’t rush to the Cloud faster than providers are willing to mount, and stand behind, appropriate security.