Cloud security: it’s about choosing the right provider

When moving to the cloud, it is imperative not to base your choice of provider on price alone, but rather on their knowledge, experience and access to best-of-breed technologies.

It is clear that in today’s digital world, everyone’s data footprint is growing at a substantial rate, whether this is from a work perspective or an individual’s consumer footprint.

As this growth is exponential, it becomes increasingly difficult to keep up with this rate of growth. This has led to the shift from storing data on-premises to keeping it in the cloud. Although this has enabled greater storage capacity, it has also provided us with the ability to consume even more services.

According to Wayne D’sa, CEO at CipherWave Business Solutions, the more services we consume, the more devices and technologies we utilise to facilitate that consumption, the more security challenges this creates.

“Security is ultimately about managing risk. It is about understanding what is considered an acceptable level of risk and about knowing what to protect, how to protect it, who has access to it and what parameters are in place to warn you if anyone without access is attempting to do so anyway,” he says.

“Of course, the principles of security are the same whether you are a business or a consumer. Often the protection utilised is the same, it is simply the parameters that differ. For example, a consumer using a solution like Dropbox may use a simple password and PIN mechanism (called two-factor authentication) for security. On the other hand, a business using the same solution may require a domain authentication before asking for a similar two-factor authentication, and may then even need a rights access management authentication.”

He suggests that in a cloud context, decision-makers need to understand that when placing data and applications into the cloud, it is imperative to understand exactly what security protections the cloud provider offers. Following this, they should look at things from an applications perspective and understand what security the application provides.

“Finally, considering that the majority of breaches occur from internal sources, it is about clearly understanding what access your end-users have, because it is easy for an employee who is simply not educated enough in the ways of security to accidentally compromise your business.

“It is thus critical to choose a service provider that ensures the infrastructure protection provided matches the security requirements of whatever apps or data are being placed in the cloud. They should also have mechanisms in place to protect the perimeter and be in a position to recommend solutions – such as anti-virus software – that can help the client protect their apps.”

The service provider must be willing to determine what the customers’ needs are and what their risk appetite is with regard to security. Essentially, he adds, the service provider’s approach to security should begin with a zero trust strategy and build from there.

“It is the responsibility of every business decision-maker to clearly understand their cloud provider of choice, what service offering they can provide and what security solutions and technologies they leverage to ensure the safety of the company’s data and applications,” continues D’sa.

“This is absolutely critical, because far too often, businesses’ first priority in such discussions is price. Thus, they seek out a cloud provider that meets this requirement and simply shift the responsibility of protecting their data onto the provider – but the reality is that in the end, it is the decision-makers who are responsible for understanding the providers’ security provided for their applications.”

He advises companies to create their own checklist of security principles, practices and solutions in order to clearly understand how these protect the organisation’s data. The checklist should include clarity on issues such as how often do they upgrade their infrastructure, which providers are they aligned to and are they using best-of-breed technologies, and how – should they choose to change providers – are they able to safely move their data over, and whether they will get this data back in a format that is usable.

“We have certainly seen many businesses that don’t fully understand what a digital journey truly means, and there are lot of service providers that offer promises that don’t always meet expectations. Ultimately, if you are choosing a cloud provider, you need to accept your responsibility in the decision and not abrogate it.

“From a security perspective, especially, there are so many risks that it is vital to do your homework – and the key is to ensure your service provider is established, aligned to best-of-breed technologies and able to advise and assist you with regard to the correct security measures to take and solutions to implement,” concludes D’sa.

 

Courtesy of ITWeb


Johannesburg, 09 Feb 2022