DESPITE IMPROVEMENTS, IT’S STILL IMPORTANT TO CONSIDER POTENTIAL RISKS
MANY COMPANIES that have avoided the cloud up to this point have done so due to security concerns, some of which are merely perceived while others are wellfounded. But over the years, as more and more vendors have come to the market, many cloud providers have used security as a specific area to differentiate themselves from the competition. This has led to industry-wide security improvements, for the most part. Still, some concerns remain, and for that reason, it’s important to revisit the current cloud security landscape and determine whether or not it’s time to take on a little risk in order to receive some of the major potential benefits that come with embracing the cloud.
Should You Still Be Worried?
Although strides have been made, there are certain aspects of moving data and workloads to the cloud that will inherently add risk. For example, James McCloskey, director of advisory services covering security and risk at Info-Tech Research Group, says that the fact that you’re moving things to the cloud in the first place “means that at least another party has been added into the mix and you have security challenges associated with their access to it.” This isn’t just a security issue, but also a privacy issue because even if someone doesn’t steal your data, they might still be able to look at it, which could be a problem for companies that want to move sensitive information to the cloud. McCloskey says that nearly every aspect of moving to the cloud is a “risk management decision.” The key is to look at what the potential security issues are, determine how much of a risk they pose to your organization, and then weigh that risk against the potential benefits. “If I am able to outsource the hosting of a certain function of my IT services to a CSP (cloud service provider), even if that particular service may be subjected to slightly elevated risk, the benefit that comes to my internal organization from not having to manage the day-to-day security may mean that I can actually deploy better security on some of my more sensitive systems that are internal,” McCloskey says. In other words, moving some workloads that can handle more potential risk to the cloud may free up IT resources and let you better secure your internal infrastructure.