In the public cloud’s early days, it wasn’t uncommon for enterprises to cite security fears as they hesitated to move confidential data to the cloud. Public cloud services felt exactly like their name – public – and traditional options for managing data security, such as keeping sensitive data as close as possible, felt more comfortable.
Today, those fears have been disproven many times over. The issues that actually halt public cloud migrations tend to center around data access, mobility and latency. Gartner recently reported that 95 percent of cloud security breaches occurring between now and 2020 will actually be the cloud customer’s fault, not a failure on behalf of the service provider. Meanwhile, RightScale’s 2016 “State of the Cloud” report found that security is No. 5 on cloud-focused organizations’ list of top challenges – down from its place as No. 1, which was only a few years ago.
Despite cloud service providers offering levels of security that match (or improve on) those used by enterprises, one cloud security issue remains a common factor for many hybrid cloud customers: confusion about who’s actually in charge of data security as data moves between platforms. Most enterprises use end-to-end solutions to secure applications, assets and data, but many are unwilling or unable to merge their strategies with security solutions from public cloud vendors, due to potentially increased risks or management complexities. This lack of cooperation can create cracks in an otherwise solid security plan.
Enterprises should ask:
- Do our internal data security policies account for the public (and private) cloud?
- When handling our data, do employee protocols for our cloud service provider mirror our own?
- Who’s responsible for data in transit between platforms, or cold data storage?
- Are our cloud providers up to speed with our company’s standards for data security and compliance – and vice versa?
For most organizations, paying closer attention to the way cloud service providers manage and secure data could help inform on-premises and in-transit security policies, and help build a collectively more secure enterprise for all involved. However, if resources are short and the above questions stir up more confusion than ideas for action, working with a third-party service provider can help ensure sensitive data remains intact, no matter where it lives.
Learn more about how to secure new models of enterprise storage.