Cloud Computing Security Concerns
With the rise of cloud computing, different concerns about adopting the cloud have arisen over the years. In 2016, the top concerns were pretty similar to previous years, though some have become higher or lower priority as the understanding of cloud computing has changed. Three of the top cloud computing concerns going into 2017, according to Corpinfo, have been a lack of resources/expertise, security, and cost control, all of which can lead to an avoidance of cloud computing, even if would ultimately be helpful for an organisation.
Lack of Cloud Security Skills
“To me, it is telling that the cloud has become so complex and evolved so quickly that even professional IT workers and CIOs cannot always get their heads around what is possible…” Jonathan Hassell, CIO
The top concern for 2017, coupled with security, remains a lack of resources/expertise in the field of cloud computing. This can be attributed to several factors: lack of training, multiple and varied cloud vendors, and the addition of hybrid clouds. Training for cloud expertise can be somewhat difficult to find, and the lack of many standards and certifications also makes it hard to know when someone has the needed expertise. The numerous cloud vendors that can all use different terminology, and all have different strengths. Depending on what your needs are, one company may be better than another, but you could go with one that is not optimal if you are not aware of these differences.
Also, adding hybrid cloud infrastructure into the mix can make it even more difficult to determine the best choice. Taking the time to find a good training for your employees could be an important step toward helping to get the proper expertise, which can be used to more effectively identify and properly make use of the best cloud service provider(s) for your company.
Cloud Security Concerns
Cloud security skills remain even more difficult to find. Many companies are concerned about cloud security, despite modern cloud providers often doing a good job of security on their end.
Cloud providers often take care of some of the tougher issues, such as keeping unwanted traffic outside a specific scope from accessing the machines on which your data and apps reside. They can also ensure automatic security updates are applied to their systems to help prevent recent security threats.
Given that cloud security has been a top concern for some time, it may be surprising that banking had the most cloud activity in 2013, which would seem to indicate that at least one sector that deals with highly sensitive customer information has had a great deal of confidence in security provided by cloud providers for some time. Keep in mind, though, that the quality of security does depend on the cloud provider, so be careful to perform the needed research on any cloud providers you may be considering.
Even though cloud providers tend to do a good job at security on their end, you must still be vigilant with your own internal security policies. Some security issues are outside the scope of a cloud provider, and you need to be sure to take proper precautions against such things.
For example, losing or misplacing a device that has access to your cloud could allow an outsider directly into your cloud administration, which could cause significant damage or losses. Another example would be an application vulnerability, such as an opening for SQL injection, cross-site scripting, or similar issues. An attacker can use such vulnerabilities to bypass otherwise excellent security measures. Keeping a good internal security policy is just as important as choosing the right cloud provider when it comes to mitigating security concerns.
Cost Control Concerns
Even though cost control is not one of the top three concerns, Corpinfo identified it as the fastest growing concern, so it may indeed move up the list quickly in the coming years.
While cloud adoption does in most cases save money over a data centre, expenses can still add up quickly or be higher if the proper options for your situation are not chosen. This can be linked back to having a team with the necessary cloud experience and expertise to choose the proper cloud provider and to make use of the proper features to help ensure costs are kept at a minimum.
While all of these concerns are very real, they can all be dealt with if steps are taken to obtain good training and to keep a good security policy. So, when you are considering the move, be sure to take the proper precautions and bring in the needed expertise to ensure a successful transition.
Want to assess your current team’s cloud security skills?
Download the SCS Cloud Security Self Assessment Questionnaire and Cloud Security Skills Matrix to plan your training budget for 2017.