Companies continue to move data into the cloud. Research indicates a there will be a continued increase in cloud storage and use in the coming years. Companies are migrating data storage to the cloud because it’s cheaper to rent applications and storage than it is to build or buy infrastructure. Software designed for the cloud allows employees to get access to data anywhere, at any time on just about any device.
This move to the cloud creates a complex hybrid world in which some corporate data is in the cloud, and some data remains on-premises. The new challenge is to find efficient ways to manage security in both places.
Cloud providers have certain security advantages. Cloud providers are more likely to be more conscientious than an underfunded information technology (IT) group about basic security protocols, including keeping software patches up to date, malware scanning with the latest signatures, and enforcing physical security. Nonetheless, moving data to the cloud doesn’t mean you will no longer have data access governance and data security problems. It may surprise you to learn that data access controls, data usage auditing, and security analytics capabilities in much of the cloud are just as limited as with on-premises data stores.
You might assume there would be some built-in protections for data, but data in the cloud is still vulnerable when basic security principles aren’t followed. Cloud providers do not update your passwords for you, and they do not decide who gets access to the data you store with them. These same issues apply to all other cloud providers as well as Amazon.
The reality of the situation is that you can’t outsource your data security to a cloud provider. You still need to apply the same data access governance and security practices to your cloud data as if it was in your own infrastructure.
“Cloud-access security brokers,” or CASB, is an area of emerging technology to assist organizations in managing their security needs across the multi-cloud. CASB provides cloud-centric products that usually operate between users and cloud services and/or make use of cloud service APIs.
CASB allows you to extend your cloud security, but there is still a bigger issue you have to deal with, and that is how you are going to unify the two different security environments. Even if you utilize, a cloud access security broker, cloud data security reporting and monitoring only covers the cloud and not the enterprise.
If you have no on-premises controls, you may accidentally expose sensitive corporate data to the entire internet. It can also be more challenging to spot security issues without adequate data and behavioral context across both environments.
What is needed is an alternative security technology that covers both on-premises and cloud data stores. A technology that provides a data-centric platform approach to security. Fortunately, there are several hybrid cloud security solutions on the market.
Organizations will continue to move into the cloud to take advantage of cloud economics, performance, and reliability.