Clear up cloud security concerns with 3 tips

Organizations in almost every industry are increasingly taking advantage of the cost and efficiency gains the cloud can deliver. As more companies move their data to public and private cloud services, security and compliance are becoming top concerns. Just as with on-premises data, however, data in the cloud sparks a fair amount of confusion.

Below are three ways to help clear up cloud compliance challenges and confusion at your organization and start reaping the rewards the cloud can offer. By following these tips, your company can ensure its IT environment works as a cohesive unit to detect and defend sensitive data no matter where it resides, from on-premises storage to the cloud and back.

1. Know that a cloud provider’s platform is not necessarily compliant.

A cloud provider’s platform is just a platform. The physical servers and software are a base for businesses to operate on, but they are not necessarily compliant or secure – and they might not adhere to the same standards your team enforces for its physical IT environment.

It’s critical to know what a cloud provider considers its responsibility and what is left to you. This can vary dramatically by provider, but some basic guidelines can be helpful. For example, the payment card industry (PCI) data security standards council says that with infrastructure-as-a-service (IaaS) deployments, users should consider themselves responsible for compliance of data, software, user applications, operating systems, databases and even virtual infrastructure.

While PCI standards are specific to the financial space, their intent applies to any industry. Make absolutely sure you know what your company is responsible for and what a cloud provider is responsible for when it comes to security and compliance.

2. Secure your on-premises environment.

Before turning to the cloud, it is critical that your on-premises environment is secure. While the cloud is no longer a new concept, cloud environments can introduce nuances that go undetected by traditional technical controls.

This goes for today’s virtualized storage environments, as well. Virtualized storage environments can foster the growth of dark data, which represents a real, undetected threat. Dark data is basically all that information a company accumulates and stores, but never uses. In fact, it has been reported that 93 percent of companies have sensitive, unstructured data they can’t locate. This can include sensitive information from financial and medical histories to legal reports, depending on your industry. Getting a handle on this information – then making sure it’s secure and you’re compliant with relevant regulations – is a key step before moving any data to the cloud.

3. Take a community approach.

Few companies use a single vendor for all technology and security needs. A critical part of security and compliance when introducing a new technology, such as a cloud provider, is making sure the new solution will work harmoniously with the rest of your IT strategy. This includes not just the new technology, but also the ecosystem – of professionals, vendors and partners – around it.

Ecosystems can help navigate the potential security and compliance pitfalls that can be introduced with a cloud project by pointing your team in the direction of solutions that will integrate and work together as one. As a result, you can build a seamless protection plan for your data, anywhere it lives.

While the cloud is now a proven technology, it can still be confusing and daunting for new users – especially in terms of security and compliance concerns. The three tips discussed above, however, can help clear that confusion, and make sure your data is protected as you make the leap to the cloud.

Andrew Hay

With over 15 years of data security experience in various roles inside organizations as well as advising them, Andrew serves as the chief information security officer at DataGravity. He is responsible for the development and delivery of the company’s comprehensive data security strategy. Prior to DataGravity, Andrew was the director of research at OpenDNS (acquired by Cisco) and the director of applied security research and chief evangelist at CloudPassage.