Companies are getting smarter about security. However, hackers are growing in step. As a result, the threat landscape is constantly evolving. Ransomware, phishing, malware and targeted attacks are just a few of the reasons why software security remains an ongoing challenge.
Unfortunately, the ongoing move towards total digitalization only adds to the complexity. Companies are creating, processing, analyzing and storing data at record-setting levels with no end in sight.
At the same time, companies are embracing the cloud. The cloud offers unparalleled scalability as well as seamless access to the level of processing and storage capabilities companies need. However, utilizing the cloud has long created hesitation for security teams, who do not like to give up control to another party.
Fortunately, the hesitation surrounding the cloud is often unsubstantiated. Gartner anticipates that through 2022, at least 95 percent of cloud security failures will be the user’s fault – not that of the cloud provider. As a result, it’s time for companies to revisit what they are willing to put into the cloud. According to Gartner Research Vice President Jay Heiser, companies need to change their line of questioning from “Is the cloud secure?” to “Am I using the cloud securely?”
Embracing cloud security starts with accepting the reality that embracing the cloud itself introduces a model of shared security responsibility. Successful partnerships are based on a mutual understanding around which party assumes responsibility for each component. Under a shared responsibility model, cloud service providers take on the responsibility of securing the infrastructure running applications and storing all the data in the cloud. Companies have the responsibility for the actual usage including monitoring configurations, user activity, suspicious network traffic as well as host vulnerabilities.
“By embracing the shared responsibility model, companies are working together with the cloud provider to ensure that data remains safe and secure over time,” says Michele Barletta, security product manager for MindSphere in the Digital Industry division of Siemens AG. “This is crucial because resources and systems are constantly changing. It’s important to track those changes when adding more data to the cloud. The security controls need to stay up to date to maintain security expectations.”
Of course, when selecting a cloud provider, companies need to do their homework and every company needs a cloud strategy, which includes paying close attention to cloud security and compliance.
Interested in learning more about how to protect your data in the cloud? Download our Ask the Expert, “Time to Clear the Air on Cloud Security,” to learn more about keeping cloud storage safe.
 Gartner. “Recommendations for developing a cloud computing strategy and predictions for the future of cloud security.” March 2018.