Chris Harragan
Security Analyst at i-confidential
The adoption of cloud computing is increasing all over the world, with the banking sector currently accounting for 10.6% of global cloud spending. This follows an initially slow uptake due to a general unease within the finance sector regarding the security of cloud services.
According to a survey undertaken by LogicMonitor and IDC, nearly two thirds of organisations view security as the biggest challenge in adopting cloud computing. This anxiety is completely understandable, especially within the highly regulated finance environment, but may be overblown. Gartner, for example, found that over 90% of cloud breaches are caused by user error.
And though concerns about security and regulatory adherence when using cloud services are legitimate and logical, there are many misconceptions about the level of security they can offer.
For cloud providers, security is the absolute core of their business. They spend large amounts of time, money, and resources to create the highest levels of security and resilience. Many cloud providers are certified by industry standards and meet almost all local and global compliance regulations.
AWS, one of the major players, does not just provide secure and resilient infrastructure. It allows organisations to utilise its services to improve the efficiency and speed of BAU processes, increase scalability, improve flexibility, and reduce overall costs. Clay Magouyrk, the Senior Vice President of Engineering at Oracle, stated that customers typically save between 30-50% overall by moving applications to the cloud.
Cloud computing has many benefits and is more secure than commonly believed, but security must remain a major focus.
The key question should not be, ‘Is cloud safe?’, but rather, ‘Are we using cloud safely?’
Due to the fact that cloud services are being adopted at a rapid rate, their administration often falls to employees with little or no cloud knowledge. This means organisations absolutely must develop clear and comprehensive cloud strategies to reduce the risk.
It can be difficult to understand what security cloud companies actually provide. Not only are the options often confusing, but some of the security capabilities will become the responsibility of the adopting organisation. These are just some of the reasons why it is prudent to invest in a security review by people who understand all aspects of security... not just cloud.
A security assessment from i-confidential will help identify any weaknesses in cloud-based solutions. It will also provide recommendations and support regarding the changes needed to make an organisation’s cloud security truly effective.