Business on Cloud 9 – But are they secure?

By: Shrikant Shitole, Managing Director, India, Symantec

Adoption of cloud and its adjoined benefits are no more an unknown fact. Businesses across verticals and size are adopting cloud to aide their business needs and gain competitive advantage. It increases collaboration and flexibility while simplifying work streams and cutting costs. Benefits such as scalability, elasticity, Service Level agreements (SLA) which provide high level of satisfaction with minimal investment and reduced total cost of ownership form a lucrative and compelling package for organizations. It is these very benefits that are not only increasing the push to cloud, but also the demand for cloud security.

According to a recent report by Gartner, cloud computing will constitute the bulk of IT spending by 2016. In India alone, it is predicted that the cloud market will reach over $3 billion by next year—an almost five-fold increase from 2012. The adoption will grow multi fold in next few years as ‘Digital India’ take up broadband, internet issues and eliminate challenges for Digital Enterprise to go for cloud computing.

The Transition and Its Concerns

As businesses are transitioning from their legacy system and adopting modern technologies, concerns around security, privacy and compliance surface since data transcends beyond geographical boundaries and allocated devices. Today's cloud and mobile-driven world creates new data protection challenges as business critical information is no longer confined within corporate network. With consumerization of IT becoming widely prevalent, a lot of data is being created and stored in the cloud - undiscovered, unmonitored and potentially unprotected. Hybrid cloud adoption in India is also increasing its pace and is growing at 29.22% CAGR to 2019 as per a report by Sandler Research. In addition, increased number of smart devices and its growing penetration is further diminishing the perimeters of data residency. IT departments are evolving to embrace the concept of “Bring Your Own Device”, but today, it has traversed beyond device. It is now also about “Bring Your Own Application” and “Bring Your Own Cloud” into the workplace. Mobile applications and cloud services are increasingly engrained into all parts of our personal lives.

Traditional approaches to enterprise security have been based on control—control of devices, of infrastructure, of information—and of processes inside enterprise firewalls. Keeping corporate information safe and compliant has never been easy. The perimeters have blurred - and mobile devices make this even more difficult to manage. This is driving more demand for security options to provide visibility and control over the data that’s housed, as some businesses go beyond a cloud proof of concept to move the bulk of their workloads to the cloud. These trends are accompanied by an explosion in the quantity of data being created, shared, and managed by enterprises.

For a Safer Cloud Environment

In a scenario of such kind, new security patterns and practices are emerging to address the challenges in this cloud-based environment. These are based on IT regaining control by setting policies consistently across physical, virtualized, and private cloud, and public cloud infrastructures; acquiring visibility into policy deployment and enforcement; and, finally, auditing those policy controls. Governance, protection, visibility, and auditability are the key elements establishing confidence and trust in the cloud. For an enterprise, the basic hygiene comprises of through understanding of the consumerisation of IT and thus a view into information and its criticality. Simple password authentication is insufficient to protect against unauthorized access to networks and web or cloud-based applications. In this case, businesses should opt for cloud-based VIP solutions which delivers highly secure multi-factor authentication with a tap or touch of a finger. This will limit the accessibility of information; thus limiting the possibility of threats via weaker or unknown sources. Prioritization and assessment of situation and agility in responding to threat enables a business to curb it in the dormant on lesser active stage, thus keeping the impact to a minimum. Striking the right balance between usability, regulation and corporate transparency, as well as security and privacy is of utmost importance to sustain business continuity.

Encrypt everywhere is quickly becoming the mantra of the technology industry. With so much communication and interaction between people and systems happening over insecure and vulnerable networks, strong encryption for this data in transit has been well recognized for some time and it is generally implemented. Businesses today, do not want to deploy multiple solutions to protect each end point. For business benefits, they should rather deploy solutions which will integrate themselves with existing infrastructure. Solutions like Advanced Threat Protection (ATP) leverages existing threat protection infrastructure, helping companies to achieve an effective data protection regime without the expense and implementation issues from vendors.

As companies migrate to cloud, they would need solutions that would help them keep their critical information secure regardless of where it resides. Data Loss Prevention (DLP) is one of the key technologies to enable anytime, anywhere, any device data protection. DLP is a foundational technology for cloud security. Additionally, efficient use of analytics for the data aggregated will make the information more useful and the security approach more intelligent.

As we progress towards a more connected world, businesses will need to take a closer look at data governance to ensure that their data is cleaned before it is hosted on the cloud. Legacy data left unmanaged will continue to accumulate and present a persistent challenge for businesses. Security is no more a point product play but an architecture play. Enterprises should work with partners who can help them devise security as a part of their architecture.