As more stories of data breaches affecting major companies and governmental institutions hit the news, consumers are wondering if their information is safe anywhere. At the same time, businesses are asking themselves how they’ll ever be able to protect sensitive information from thieves who are just raring to go at all the vulnerabilities they see as more organizations transfer their data from in-house servers to the cloud.
Many enterprises have spent the past decade or so, focused on locking down their physical perimeter to secure against breaches. However, with the concurrent adoption of applications, virtualization, multiple data centers, and more, cloud storage and security has become a complex issue.
With the technology research company Gartner, Inc. forecasting that almost half of large enterprises will have hybrid cloud deployments by 2017, there’s reason for concern. You’d expect at least a portion of these businesses won’t be up to speed with the latest security best practices for cloud storage, and will be proceeding as a matter of economics and convenience.
And it’s not like any of the threats affecting cloud security will be going away anytime soon. The Cloud Security Alliance (CSA)─ an organization dedicated to raising awareness of best practices to help ensure a secure cloud computing environment─ came up with a list of the top security threats facing businesses. The CSA’s “Notorious Nine” includes data loss, service traffic hijacking, insecure interfaces and APIs, denial-of-service attacks, malicious insiders, and more.
As if those nine looming cloud security threats weren’t enough to turn an IT person’s hair gray, there’s also the role which employees themselves play in circumventing cloud security for their own convenience, which can also be detrimental to a business’ efforts. Add that to the fact that people are now constantly accessing large volumes of data on multiple devices, from various locations, on different networks, and you can start to see how cloud security can be a real challenge for businesses.
If you’re an IT professional overseeing cloud storage and security for a large enterprise, we understand the urge to just stand up the strongest firewalls, the latest web proxies, block app traffic and hope for the best. A better approach would be to understand there’s a fine line between how much security is enough, and when it borders on being too intrusive to users. Your employees should be able to maintain their privacy without sacrificing the greater good of the company.
At Netskope, we champion a much more nuanced approach to cloud security. That includes putting a premium on privacy by making it the default security setting, keeping things transparent, and staying user-friendly.
For cloud applications, we recommend a thorough analysis of how they’re being used within your company. Once you know which apps are being relied on and why, you can take a much more granular, data-driven, and well thought out approach to enforcing a security policy around them. For a detailed view on our cloud and cloud app security recommendations, download our eBook, Cloud Security for Dummies, or get in touch.