When it comes to the cloud, do CISOs have their heads in the sand?

Not only has the cloud enabled companies to access multiple applications online via Software as a Service (SaaS), but it has also made internal infrastructure more agile and scalable, and fueled flexible workforce collaboration. This shift towards storing data in the cloud shows no sign of abating: Gartner predicts an 18% rise in demand for cloud computing this year alone, partly driven by increasing use of connected devices and artificial intelligence, illustrating the continued acceleration of data migration to the cloud.

The light and dark side of the cloud

While CISOs recognize the benefits of cloud applications, many also know the risks: sharing critical information in the cloud can make networks less secure. A string of recent high-profile data breaches highlights the potential scale of the fallout. In 2015, the details of 32 million Ashley Madison users were made public when the extra-marital dating site was hacked. Last year, Yahoo revealed it had suffered multiple breaches, the largest of which affected one billion accounts. Earlier this year, hackers threatened to wipe millions of iPhone accounts using email and iCloud data, though Apple disputed the attack’s viability.

So why is the cloud vulnerable? How can CISOs deliver flexible working practices and greater functionality whilst ensuring information security?

What makes the cloud so vulnerable

The cloud has always been one of the most difficult network areas to secure, and there are many reasons why.

Firstly, companies use the cloud for varied purposes — file sharing, boosting processing capacity, collaboration — and each employee uses different services. So, the remit of any CISO might include thousands of services. This heavy workload can mean loopholes are missed and the task of ensuring total cloud protection is put on the back burner.

Secondly, there’s confusion about who is responsible for safeguarding data. Cloud vendors have traditionally promoted their offerings based on their ability to keep users safe, which has led many CISOs to believe they can leave the majority of in-cloud security up to vendors. This has created a blurred line as to who is responsible for different aspects of cloud data security, leaving data vulnerable.

Finally, once data goes into the cloud, CISOs lose visibility of how it is processed, creating a blind spot in network security for CISOs and a compliance problem for companies. In fact, according to a study by the Ponemon Institute, 62% of IT professionals think the cloud increases compliance risk, and over 70% feel it makes managing privacy and data rules more complex. A further 54% also do not think their company takes a proactive approach to complying with privacy and data protection regulations in cloud environments.

So far, the benefits have outshone these issues. But with the cloud now integral to everyday business operations, there is a growing need for CISOs to take back control and plug the gaps in their defenses, before the attackers spot them. 

Reinforcing cloud security

A potential solution to securing the cloud is on the horizon: Cloud Access Security Brokers (CASBs). 

To date, CASB adoption has been slow — they’re currently used by less than 5% of companies — but Gartner predicts this will soon change, with 85% of large enterprises using one by 2020.

The expected surge in appetite for CASBs has a lot to do with their capabilities and transparency. CASBs allow companies to access and manage their data, and can be used to authenticate both devices and users. What’s more, they provide total visibility, offering a complete view of all data traffic to and from the cloud.

For CISOs, such functionality is invaluable in improving cloud security. Not only can they use CASBs to regain control of their data after it enters the cloud, but they can also keep track of what happens to it — analyzing activity to pinpoint anomalies and remove suspicious users from networks before they can do any damage.

With this detection-based approach, instead of relying on countless tools to secure every device and service in their cloud network, CISOs will be able to achieve maximum efficiency and protection.

As cloud usage becomes ubiquitous, the security weak point it creates is something that companies can no longer afford to ignore. CISOs must stop avoiding the issue and shift their attention to the innovative technologies being developed to address it. By focusing not just on the cloud’s advantages, but also harnessing innovations like CASBs, CISOs can solve the cloud conundrum and ensure their company isn’t next on the hack list.

This article is published as part of the IDG Contributor Network.