What Worries Enterprise CISOs When Migrating To The Cloud
Migrating to the cloud offers a number of advantages to enterprise organizations, but there are real security issues that make switching over to a cloud environment worrisome. What CISOs want when migrating to the cloud is continuous insight into that cloud environment. They need a way to monitor and measure risk and the confidence that they have the proper security controls in place.
Increased Security Risk
Migration to the cloud means using managed IT services and many believe this means relinquishing a high level of visibility and control. Although the top cloud providers use the latest security technology and file encryption, even the most up to date systems can fail and expose your sensitive data to the world.
In reality, cloud environments are subject to similar cyber threats as private enterprise data centers. However, the cloud is becoming a more attractive target due to the significant amount of data that has been stored on servers in the cloud.
Attackers know that enterprises are slowly migrating to the cloud, and they are already targeting cloud environments. Alert Logic, a security as a service provider, released a report that concluded that those who make IT decisions should not assume that their data that is stored off premise is more difficult for cyber criminals to acquire.
The report went on to say that there had been a 45% increase in application attacks against deployments in the cloud. There had also been an increase in attack frequency on organizations that store their infrastructure in the cloud.
The Cloud Is a Jackpot
With the shifting of valuable data, production workloads, and applications to cloud environments these revelations should not come as a surprise. A statement from the report said, “…hackers, like everyone else, have a limited amount of time to complete their job. They want to invest their time and resources into attacks that will bear the most fruit: businesses using cloud environments are largely considered that fruit bearing jackpot.”
The report also suggests that there is a misconception within organizations about security. A number of enterprise decision makers were under the impression that once a cloud migration had taken place then the cloud company would be completely responsible for the security of their data.
Security in The Cloud Needs To Be A Shared Responsibility
All organizations must take responsibility for the security of their data whether it is hosted in house or in the cloud. This responsibility cannot be completely abdicated to a cloud company. If your organization suffers from a data breach while using cloud management services, it is unlikely that you would be able to evade responsibility.
It is essential that every organization fully understands the environment and the risks that are associated with cloud management. There can be myriad legal, financial, commercial, and compliance risks. Before migrating to the cloud be sure to scrutinize contracts so that the supplier’s liability is fully understood if a data breach were to occur.
Vice president of Alert Logic Will Semple said, “the key to protecting your critical data is being knowledgeable about how and where along the ‘cyber kill chain’ attackers infiltrate systems and to employ the right security tools, practices and resource investment to combat them.”
Cloud Visibility Is The Key
Whether you are using cloud management services or are hosting your own infrastructure, you need total visibility within your environment. If you are considering the migration of part — or all — of your environment to the cloud then this is essential.
After a cloud migration has taken place you can rely on this visibility to monitor each user, device, application, and network activity for potential risks and possible threats. Thus, the administration of your infrastructure becomes that much more effective.
Don’t let your cloud migration result in weakened security and incomplete compliance. Ziften can help maintain cloud visibility and security for your existing cloud deployments, or upcoming cloud migrations.
Learn more about how enterprises can securely adopt cloud technology in the latest solutions brief from Ziften.