Venkatesh Jakka (VJ), Assistant Vice President, Office of the CTO writes about ways to mitigate cloud security risks.
By 2025, 50% of the world’s data will be stored in the cloud and analysts predict the total global data storage will exceed 200 zettabytes – that’s two trillion gigabytes!
Cloud computing provides instant Internet access to a variety of IT services, such as servers, data storage, network, applications, operating system software and other infrastructure. Most companies use a variety of cloud options:
Public: As the name suggests, public clouds are accessible via the public internet. Amazon Web Services and Google Cloud are good examples.
- Private: In this cloud environment, all cloud infrastructure and computing resources can be accessed by one customer
- Hybrid: A combination of public and private clouds
- Community: Multiple organizations can share cloud resources and services
A public cloud is comparable to shopping on Amazon. There is a wide array of products, an easy user and buying experience. The community cloud is more like a small-town grocery store, while private and hybrid clouds are similar to an invitation-only “company store.”
The small, intimate nature of the public and hybrid clouds are great for security in the sense it is private workload and theoretically isolated from other people’s hosting. However, one gives up the access and ease associated with the public cloud.
With so much sensitive information being stored and shared across public clouds, it’s no surprise that the primary concern is security.
Cloud Computing Security Solutions
Best practices to mitigate these security risks in the cloud include a combination of clearly defined responsibilities, enhanced visibility, and proactive strategies. These practices provide the best protection when used simultaneously.
- Define data ownership responsibilities. Outline data ownership between the cloud provider and the company. Vendor relationship is key. It is common for cloud providers to be responsible for the cloud infrastructure security, with the company responsible for the data in the cloud. This may mean you invest in a technical account manager, or TAM, to provide support direct from the vendor to the company. Without vendor help, clouds are not easily used.
- Invest in a cloud team and toolkit. Invest upfront in good governance, security, configuration tools, and set up. It will save money in the long run. Similarly, hire good cloud-literate engineers and retrain key staff to use the cloud.
- Collaborate and communicate. Cloud computing doesn’t exist in a bubble. Multiple divisions in a company are involved in the success of cloud integrations, including IT, compliance, operations and security. Ensure all teams are working together in the adoption and alignment of the cloud.
- Protect data. The risk of a malware attack or data leak have one thing in common: human error. In fact, 85% of data breaches are due to human error, with 43% of employees making a mistake that compromised online security. The best protection is to train staff thoroughly, conduct regular audits and assessments, employ a multi-factor authentication system, and encrypt data at all times.
Share on social media:
About Unum Group
Unum Group (NYSE: UNM), an international provider of workplace benefits and services, has been helping workers and their families for 175 years. Through its Unum and Colonial Life brands, the company offers disability, life, accident, critical illness, dental, vision and stop-loss insurance; leave and absence management support and behavioral health services. In 2022, Unum reported revenues of about $12 billion and paid $8 billion in benefits. The Fortune 500 company is one of the 2023 World’s Most Ethical Companies, recognized by Ethisphere®.