EDITOR ’ S QUESTION
BRIAN GRANT , ANZ DIRECTOR AT THALES
CLOUD SECURITY
The pandemic has accelerated Digital Transformation by three years on average , according to McKinsey . With every passing day , an increasing number of organizations are migrating their data and applications to the cloud for improved business flexibility and scalability . However , many are still navigating the complexity of the cloud ‘ shared responsibility model ’.
Shared responsibility in the cloud – Your data , their cloud
As the volume of data stored in the cloud has increased , so too has the number of cyberattacks and data breaches . While cloud service providers ( CSPs ) offer some native data protection , businesses are still responsible for protecting the security of their data , onpremises resources and the cloud components they control , as well as compliance with data regulations Ultimately , it ’ s your data , their cloud . To minimize the impact of data security incidents , security and privacy regulations either mandate or recommend the adoption of data encryption .
Encryption and control
Merely encrypting sensitive data in the cloud is insufficient . The Cloud Security Alliance ( CSA ) and National Institute of Standards and Technology ( NIST ) recommend that cloud customers control their encryption keys and configure the key management components for cloud-based applications .
Managing both key lifecycles and data encryption is critical for ensuring confidentiality , integrity and availability of cloud data .
Cloud security challenges
When it comes to cloud adoption , the 2022 Thales Cloud Security Study reveals three major data security challenges :
1 . Privacy and data protection is more complex in the cloud . Over 50 % of organizations said that managing privacy and data protection was more complex in cloud environments .
2 . Attacks on cloud data are increasing . Over a quarter of organizations saw an increase , not a decrease , in attacks on cloud data and applications .
3 . Failed cloud audits and data breaches continue to rise . A growing number of organizations are failing security audits or reporting data breaches associated with their cloud platforms .
The right approach to cloud data security
Good data encryption and key security will mitigate risk when adopting a cloud-first policy . With CSPs being responsible for the security ‘ of ’ the cloud , and organizations being responsible for securing their data ‘ in ’ the cloud . Five tips for organizations include :
• Classify cloud data to identify sensitive data that needs protection
• Apply encryption to sensitive data to obfuscate it from unauthorized users or processes
• Impose access control over who , what , where and when data is written to or read
• Retain control over , and ensure redundancy of , encryption keys
• Enforce separation of duties between users of data and those securing it
Cloud services enable organizations to transform at an accelerated rate . Yet we have a social responsibility to people and organizations that work with us to secure their sensitive data .
www . intelligentcio . com INTELLIGENTCIO APAC 33