Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Security and the cloud

1 April 2019 Infrastructure

By Modeen Malick, senior systems engineer for MESAT, Commvault for South Africa.

Cloud computing is gaining traction and, with major cloud players establishing – or committing to – a local presence, it’s only a matter of time before every business has some, if not all, applications running in the cloud. For many organisations, concerns around cloud security are hindering their plans to move to cloud environments.

Fortinet’s most recent Global Enterprise Security Survey states that 74% of surveyed organisations believe that migration to the cloud will make cloud security a growing priority in the future. The fears around security in the cloud are hardly surprising when faced with the threats listed in Cloud Security Alliance’s (CSAs) Treacherous 12 Top Threats to Cloud Computing Plus: Industry Insights report (See box).

However, businesses that have the right policies and processes in place to protect their own data, both in the cloud and travelling to and from the cloud, shouldn’t let security threats hamper their cloud strategies.

It’s true that many new threats have emerged as more businesses take to the cloud, however, most of these threats can be avoided simply by having sufficient controls in place. For many organisations, storing data and running applications on infrastructure that they don’t manage equates to vulnerabilities.

But because it’s the cloud provider’s business to store their data and host their applications, they typically have more security and security skills than most businesses do for their on premise solutions. It’s their business to invest in protecting their customers’ assets.

Data protection

One of the biggest misconceptions around cloud security lies around who is responsible for data protection: the customer or the cloud provider? While the cloud provider is responsible for ensuring their infrastructure is secure, the onus falls on the customer to ensure their data is protected and that the cloud provider’s security measures align with the customer’s security requirements.

Businesses retain the responsibility for what they put in the cloud and how they access it. In addition, customers put a lot of data into the cloud and assume that the data is protected without taking into account the number of access ports they have and who uses them. Stringent identity, credential and access management is a must.

Organisations need to check that their cloud provider’s security is aligned with their own policies to ensure proper data protection. It’s important to know where the customer’s security responsibility ends, and where the cloud providers begin to ensure that there is no scope for data loss or potential for data breaches. Organisations can then fill in the gaps effectively wherever the cloud provider doesn’t provide adequate security in terms of the business’s security policy.

While the cloud is an unquestionable enablement tool for businesses, making life easier in terms of accessibility, increased productivity and a score of other benefits, it also makes IT teams’ jobs considerably more complex.

Policy is essential

In the cloud, IT teams are no longer wholly in control of the data they are responsible for protecting, so it’s up to them to ensure that they implement and enforce data and cybersecurity policies, processes and procedures to maintain as much control as possible. It’s imperative that they not only apply these policies, but that they update them regularly and create awareness of security parameters among all users.

Included in the policy, businesses should have a strong focus on identity, credential and access management regardless of whether they embrace a public, private or hybrid cloud strategy. They also need to provide for backup, through a separate provider in the unlikely event that the cloud provider does not offer this as an add-on service.

Moreover, businesses should do a proper, full scale assessment of their current security measures and compare it with their chosen cloud provider, then work hand-in-hand with the provider to cover every aspect of security. Often, they will find their existing security falls short of that of the cloud provider, however they will also often realise the importance of access control.

Cloud usually provides authentication; however, a line needs to be drawn between the limits of the cloud provider’s authentication tools and the business’s own access requirements. A policy is essential.

Although regulations are coming into play that enforce the need for data protection, they also call for strict policies around data management and security.

It’s up to the business to protect its own data. What you put into the cloud, you get out, so part of the solution is to ensure that you know what data you are putting into the cloud, define the parameters and policies around keeping it safe, then ensure they are supplemented with suitable security technologies. With this in place, unless cloud offers no other benefit, there is no reason why any organisation shouldn’t be considering – and using – the cloud going forward.

For more information contact Commvault, [email protected]





Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Fastest PCIe Gen 5.0 NVMe SSD
Products & Solutions Infrastructure
Sandisk has unveiled the WD_BLACK SN8100 NVMe SSD with PCIe Gen 5.0 technology, an internal SSD delivering speeds up to 14 900 MB/s and capacities up to 4 TB, with 8 TB solutions available soon.

Read more...
Unified storage solution
Products & Solutions Infrastructure
CASA Software has announced the local availability of Nexsan’s upgraded unified storage solution, Unity NV4000, which is ideal for mixed workloads, from virtualisation and video surveillance to secure backup and recovery.

Read more...
Suprema unveils BioStar Air
Suprema neaMetrics News & Events Access Control & Identity Management Infrastructure
Suprema launches BioStar Air, the first cloud-based access control platform designed to natively support biometric authentication and feature true zero-on-premise architecture. BioStar Air simplifies deployment and scales effortlessly to secure SMBs, multi-branch companies, and mixed-use buildings.

Read more...
Back-up securely and restore in seconds
Betatrac Telematic Solutions Editor's Choice Information Security Infrastructure
Betatrac has a solution that enables companies to back-up up to 8 TB of data onto a device and restore it in 30 seconds in an emergency, called Rapid Access Data Recovery (RADR).

Read more...
Advanced surveillance storage from ASBIS
Infrastructure Surveillance Products & Solutions
From a video storage solutions perspective, SkyHawk drives, designed for DVRs and NVRs, offer high capacity, optimised firmware, and a reliability workload rating of hundreds of terabytes per year.

Read more...
Power surges are killing our networks
Duxbury Networking Infrastructure
With power surges and lightning strikes becoming an all-too-familiar threat to South African infrastructure, Duxbury Networking is calling on local installers and network integrators to follow proper grounding protocols.

Read more...
A passport to offline backups
SMART Security Solutions Technews Publishing Editor's Choice Infrastructure Smart Home Automation
SMART Security Solutions tested a 6 TB WD My Passport and found it is much more than simply another portable hard drive when considering the free security software the company includes with the device.

Read more...
Five tech trends shaping business in 2025
Information Security Infrastructure
From runaway IT costs to the urgent need for comprehensive AI strategies that drive sustainable business impact, executives must be prepared to navigate a complex and evolving technology environment to extract maximum value from their investments.

Read more...
Threats, opportunities and the need for post-quantum cryptography
AI & Data Analytics Infrastructure
The opportunities offered by quantum computing are equalled by the threats this advanced computer science introduces. The evolution of quantum computing jeopardises the security of any data available in the digital space.

Read more...
Navigating today’s cloud security challenges
Information Security Infrastructure
While the cloud certainly enables enterprises to quickly adapt to today’s evolving demands, it also introduces unique challenges that security teams must recognise and manage. Vincent Hwang offers insights from the 2025 State of Cloud Security Report.

Read more...











SMART Security Business Directory



Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.