How many clouds does your enterprise use? On average, up to five is the answer from the recent RightScale 2018 State of the Cloud Report. The report also states that 81 percent of enterprises surveyed have a multi-cloud strategy. AWS, Azure, Google, and IBM are names that crop up the most frequently. However, if your business uses specialist SaaS applications for supply chain, HR, project management, or other functions, you could soon be into double digits.
That’s a lot to keep tabs on – not only for costs and management, but also for security. To make things more complicated, cloud computing is dynamic. It’s one of its big attractions, allowing enterprises to pay only for what they need, when they need it. It’s also a sizable security challenge with workloads being spun up or down by any employee with a credit card to pay for the cloud services.
Organizations also make this mistake of assuming that the ownership of risks gets transferred to the cloud service provider (CSP) once their data is on the cloud. While CSPs provide required physical and access-based security, there is a large part that the clients are accountable for just as they are today with their on-premise data centres.
So, there are two sides to cloud security. One side is the security provided by the cloud service provider. They provide physical security to their data centres and cyber security against attacks on their data storage and computing resources.
However, they don’t do everything. For example, they won’t stop rogue employees from illicitly sending confidential data from onsite enterprise servers to personal cloud accounts. Their access control may be strong, but it assumes that anyone with the correct access credentials has the right to access applications and resources – even if the user is connecting at 3 in the morning from half way across the globe.
The other side is the security that your enterprise deploys. This security needs to deal with employee information security awareness, identity and access management, protection against social engineering, and data loss detection and prevention, among other things. With the cloud, you also need to secure bigger attack surfaces. In multiple cloud situations, these surfaces are often interconnected, giving attackers new stepping stones to reach the most confidential or valuable parts of your business.
New technology and new challenges mean a need for new skills. The cloud is already complex. Multiple clouds multiply complexity. Enterprises need to continually adapt not only their security actions to a changing perimeter, but also their security skills. Larger organisations grit their teeth and try to keep pace with evolving threats and compliance requirements. Smaller enterprises are caught between a need to use the cloud to compete against bigger companies, and their limited in-house resources for staying safe.
But most enterprises don’t want to slow down their migration to the cloud. The connectivity, flexibility, scalability, and resilience are too good to give up. The RightScale report shows that enterprises seeing the public cloud as their top priority rose from 29 percent in 2017 to 38 percent in 2018. Ponemon’s latest report on cloud adoption suggested that by 2020, organisations will be using cloud environments for 51% of their IT and data processing needs.
The smarter way forward is to use the potential of the cloud to drive cloud security. Paladion runs many of its security services through the cloud. Scalable compute and storage resources power Paladion’s advanced AI security platform – AI.saac. Cloud connectivity links more than 1,000 Paladion security experts across the globe for 24/7 security. Cloud economics makes effective security affordable to small and medium enterprises too.
By constantly updating its own employee security skillsets, Paladion can also adapt to any customer requirement, filling exactly the gap between an enterprise and its cloud provider. Cloud security will never stand still, but with Paladion as their security services provider, enterprises can be sure that their cyber security will continue to extend all the way to their cyber perimeter – wherever it may be.