Christo van Staden, Forcepoint Regional Manager |
The
widespread adoption of cloud solutions has been driven by the myriad of
associated benefits offered, such as flexibility, scalability and
remote access. At the same time, concerns have been raised regarding the
security of these solutions when it comes to keeping sensitive data
safe from malicious actors. Many organisations take the easy way out and
continue to work with their old, trusted IT infrastructure and as a
result, play it safe with proven on-premise storage methods conferred by
legacy IT infrastructure.
However,
trust in the cloud has improved and many security concerns have been
addressed by security vendors and cloud providers. Companies now utilise
cloud solutions (whether a hybrid or pure cloud) to store their data
and applications. But despite the fact that security has become much
better, companies should be aware of the half-truths and myths that
exist regarding cloud security.
Here are the four biggest misconceptions about cloud security providers at a glance:
- Cloud security providers do not need to present a security certificate
Compliance
teams tend to only check certificates within their own organisation and
extend them where necessary. However, every partner - including the
cloud security provider - must also have the correct certificates. This
means that companies should request the appropriate certificates from
providers before one is appointed. Failure to produce the correct
certificates should raise concerns about how the provider processes and
protects sensitive data.
For
example, if an ISO 27018 certificate is missing, it is unclear whether a
provider deals with personal data in the right way, which raises a red
flag regarding General Data Protection Regulation (GDPR) compliance or
Protection of Personal Information Act 4 of 2013 (POPIA).
Another
tip is to have the control done by an external party. Such an audit
requires time, energy and money, but some cloud security providers are
unable or unwilling to make this investment. This is another factor that
should be considered during the selection process.
- Data centres of cloud providers are always better secured than their corporate counterparts
- The more data centres a cloud service provider has, the better the performance and resilience of the infrastructure
Although
a cloud solution must have multiple data centres, it is not
self-evident that the amount of data centres affects performance. For
example, Microsoft Azure, which has only 30 data centres worldwide and
works well. Other services with hundreds of data centres cannot always
match Azure.
So
while global coverage helps to reduce latency, cloud peering (creating a
stable, private and direct connection between your own and public
cloud) makes the difference when it comes to a good user experience.
- The security of the cloud service provider itself does not affect the costs of cybersecurity insurance
Insurance
companies will review a company’s cybersecurity posture in order to
determine monthly premiums. If a company is deemed to not be doing
enough, then this can affect the monthly amount.
Fortunately,
this can be avoided by demonstrating that both the organisation and the
provider are committed to optimum cybersecurity, by investing in
adequate prevention of cyber threats, good data security and data
protection.
Growing cloud security
More
and more companies are seeing the benefits of working in the cloud,
including better data security and accessibility for all employees,
especially with regards to remote and mobile working. Cloud solutions
also offer a degree of flexibility and scalability that surpasses legacy
technology.
As
a result, cloud-based security services will also continue to grow,
reaching $9 billion worldwide by 2020, according to a study by Gartner.
For most companies, the cloud can and does have real business benefits –
increasing efficiency, scalability and driving growth across markets.
Knowing how to choose the right cloud security provider therefore
remains important.
Want to know more about cloud security? Look [HERE]
Article by Christo van Staden, Forcepoint Regional Manager: Sub-Saharan Africa.
Tweet us @GoXtraNews #GoXtraNews or contact our editor Buchule Raba editor@goxtranews.com to send us your stories or request interviews.
Tweet us @GoXtraNews #GoXtraNews or contact our editor Buchule Raba editor@goxtranews.com to send us your stories or request interviews.
No comments:
Post a Comment