The State of Cloud Security
The world continues moving deeper into a digital revolution that will alter (for the better, IMHO) how industries do business. Operating on a global digital scale, companies are now challenged to revise their operating models, and in many circumstances, build completely new ones. Cloud computing has become the foundation on which many new models now rest.
Cloud Computing: Beyond 2020
Gartner reports that the worldwide public cloud services market is forecast to grow 17% in 2020 to total of $266.4 billion, up from $227.8 billion in 2019. According to MarketWatch, global spending on the cloud will exceed $623 billion by 2023. Cloud adoption continues to rise for consistent reasons: lowered costs and greater agility.
With so many companies now relying upon the cloud, cloud security must be strong, right? So, what is the state of it?
The cloud is as secure as you and your vendors make it.
Current Challenges and Risks
Once an organization begins the transition to cloud infrastructure and applications, the challenge becomes monitoring on-premise and cloud computing environments, often multiple instances of these. Most often this results in using new or different tools and techniques for managing cloud operations versus on-premise environments.
When organizations are freed up from nonessential infrastructure and operations activities, such as managing hardware- and software-related life cycles, they can reinvest this new found time into focusing on more important activities: defending and protecting critical corporate data and other assets.
Potential integrity pitfalls arise when managing multiple environments where organizations must place an increased emphasis on wide area network security (similar to, but also different from, securing a local area network). Risks include intrusion prevention and detection; defending against denial of services attacks; and other more complicated attacks that may require help from a managed security service provider (MSSP).
Adoption of open standards and guidelines such as those from the International Organization for Standardization (ISO) and the National Institute of Standards and Technology (NIST) increases the ability to protect data everywhere it exists. However, maintaining compliance with Payment Card Industry (PCI) compliance, Health Insurance Portability and Accountability Act (HIPAA), and other regulations governing protected personally identifiable information (PII) or protected health information (PHI) increases in complexity and can be more cumbersome when operating within multiple environments.
For example, in the past, cloud adoption by the healthcare industry had been slow to due to stringent HIPAA regulations. Fortunately, industry reports reveal that cloud service providers largely remain on top of maintaining HIPAA compliance. Case in point: at Topdown, we have seen a marked increase in interest among health insurers of all sizes for INTOUCH®, our cloud-native customer communication management (CCM) solution.
Cloud security needs to be a number one priority in 2020 with the goal of protecting every piece of data, particularly when at rest and in transit. Security policies and procedures take on a new and heightened priority as a result.
In particular, organizations implementing cloud solutions should prefer to partner and collaborate with software vendors, such as Topdown, who take cloud security seriously. When looking for that vendor, be sure that they not only use the latest security products and protocols, but that they also leverage security providers to help guard and monitor their cloud application hosting environment.
We highly recommend reviewing our security white paper to gain a better understanding of how we address the importance of knowing what your IT assets are and how they are used, to wit: “IT and admins should not have to guess what their IT inventory consists of, who is accessing those resources, or what kinds of actions users execute on these resources.” Our report emphasizes that when looking for a vendor you should be sure they have these capabilities as table stakes before proceeding:
- Audit and trace
- Logging and monitoring
- Threat protection
- Penetration testing
- Incident handling
- Data security
As Forrester forecasted, the “coming of age” for cloud computing would arrive in 2019. And it did. You may feel safe in assuming that by using a cloud service platform, anything done in the cloud will be secure. However, security is not automatic: it must be integral to your selected toolset and provider, not to mention it must be closely monitored and maintained.
Get in touch with Topdown to find out more about our rigorous and dedicated approach to cloud security.
About John Zimmerer
John Zimmerer is the senior director of marketing at Topdown, where he leads market research and outreach efforts for the company's customer communications and customer experience products. Most recently, John has been researching and writing about the future direction of the technologies that power customer experience, and is regarded as a thought leader in this area. John has nearly 20 years of software product marketing experience. His areas of expertise include market research, analyst relations, public relations and digital marketing.