Taking Control of your data
I can recall in the past how crazy the idea of moving servers, services and data away from your organization's premises sounded. At the beginning of the .com boom, many companies started to host their websites externally, on the so-called ‘early cloud’, an external hosting service provider. That was a place where businesses allocated their websites by signing an agreement with the provider, a process formally known as domain name registration.
Back in the day, no sane person would have agreed to move ALL their servers and services to someone's computer connected to the internet". That's precisely how I define "the cloud" because, at the end of the day, it's trusting your business operations and sensitive data to a 3rd party over which you have little control and visibility into their security policies.
As part of business transformation, globalisation, virtualization models and reduction in the cost of ownership, the time of the ‘Cloud’ has truly arrived.. A few years ago, the challenge was to decide where to move it, and moreover how to protect data and, and not disrupt your current business.
Nowadays, new companies go directly to the cloud. Companies don't care about having a server or a physical space somewhere. They only decision they have to make is to decide which cloud provider they will use to store their data and run their services. .
Security and Protection
So who is responsible for the security of your cloud services and data under this new model? The assumption that you can sit and relax when using a Cloud service provider, believing that they provide complete security and protection, is misplaced. The reality is that security is a shared responsibility between the customer and the cloud provider, however, ultimately the CUSTOMER is always responsible for the data. For example, if a cloud users credentials are compromised and sensitive data is exfiltrated, this has to be the responsibility of the customer to control cloud access, and not the cloud provider. In additioan, new compliance regulations such as GDPR mandate that personal data should be protected, but not precisely how to protect it. So if there is a data leak from your cloud-based server/service, you will be the party paying the price..
Honestly, every business should ask themselves – Is my data is secure and protected. You can't just rely on a data cloud service provider to provide a fully secured service; it is not their job. They are just hosting your services and servers.
I don't have to be a cybersecurity expert to predict that the next big challenge for cloud users will be gaining control of your cloud, and protecting your cloud based data.
For that, you will need to adopt new security solutions to govern the use of cloud services, protect data and to be compliant with regulations..
It is essential that you encrypt your sensitive data. It is also important to have visibility of which users have access to what data and when, whilst meeting your productivity requirements for your business continuity.
At the end of the day, you have total control of your data again.