Disrupting technologies are forcing businesses to identify opportunities for agility, speed, efficiency and cost effectiveness across business units in order to be successful in the marketplace. This is driving the need for organizations to become digital enterprises, aggressively moving towards delivering scalable and robust enterprise infrastructure in the public cloud. Cloud technologies can offer enterprises the capabilities and potential they need to streamline business process and applications to become faster, more flexible and resilient.
In the next wave of digital transformation, cloud computing can provide huge benefits to enterprises. As compute cost goes down so does the cost of IT for organizations. At the same time, cloud features such as agility, scalability and flexibility can also benefit attackers who could utilize IaaS for malware distribution.
Customers today still have the perception that enterprises struggle to make the right decision toward moving into the public cloud. However, enterprises can develop a multi-year cloud program with a risk-driven approach and slowly move toward the public cloud to capitalize on the early benefits. People still believe that cloud providers are responsible for protecting the customer’s data and services. Some customers are reluctant to go to the public cloud because they don’t have a cloud strategy in place.
Today, most public cloud service providers strongly put higher priorities and efforts on securing their cloud ecosystem than typically an organization has in their in-house infrastructure with respect to technical, process approach and third party security evaluation such as ISO 27001 or SOC 2. The purpose-built platform enables them to avoid security vulnerabilities and customize them to meet the customer's needs. Ultimately the goal is to penetrate the big market and attract more customers to their public cloud.
In addition, cloud customer can take advantage of the advanced security services offered by the cloud service providers such as key vault, directory services, multi-factor authentication and threat detection capabilities to provide visibility around prevention and detection. They can respond to security threats in the ecosystem, whereas implementing these services and capabilities in the in-house infrastructure could cost million dollars to implement, run and operate.
Customers who are not confident with the cloud service provider’s security capabilities can evaluate their technologies and capability before using them. Some of the documentation, like standards, security controls, processes etc., can be freely downloaded from the service provider portal at any time to evaluate the capability and find gaps in the security measures.
The cloud service provider’s cloud stack could be very secure. However, the stack which is under customer control could be implemented with poor practices resulting in security or compliance failures while accessing the cloud services or applications. In order to securely use the public cloud, customers must develop new sets of polices, skills and controls. New technology always comes with new risks, and it's the cloud service provider’s responsibility to educate the business and customers and provide a toolset and processes to mitigate the risk.
Cloud service provides should secure their cloud stack and customers can further improve the security by implementing additional security controls to fill the gaps in the ecosystem. Acloud access security broker (CASB) can help enterprises solve these challenges to a great extent. CASBs can help address gaps in security resulting from the significant increase in cloud service adoption and enterprise mobility.
CASB solutions deliver some of the unique capabilities that are generally unavailable in security technology like web application firewalls and secure web access gateways. They also provide visibility around discovery of sanctioned applications, users accessing applications and locations, compliance monitoring, data security and threat protection in case unauthorized devices or users access cloud applications. These capabilities are provided across cloud services delivery models, including SaaS, IaaS and PaaS.
The enterprise still owns the data that lives in the cloud and it needs to be protected with full responsibility and accountability for cloud security threats. While cloud security providers manage the security of the cloud at various levels, it's the organization's responsibility to manage the cloud security risk. Organizations need to retain control over the security measures to protect confidential data, business content, platform, applications and network security in the cloud just like they do in the old on-premise data centers.
This article is published as part of the IDG Contributor Network. Want to Join?