Cloud adoption in the nonprofit and association community has continued to rise year over year, according to 2015 Nonprofit & Association Technology Trends. With tens of thousands of associations hosting sensitive data in the cloud, and thousands more seeking to adopt this technology, it's not hard to image the phrase "is the cloud secure," being uttered.
5 Things You Need To Know About Securing Sensitive Data In The Cloud:
1. Identify Sensitive Data
Organizations are hacked every day, we just don’t hear about them unless they are a high profile organization, such as Apple's iCloud, Sony \Pictures, Target, and more.
In a world of evolving technology, and more sophisticated attacks, nothing is 100% secure. It's imperative that your organization takes initiative to determine security and privacy requirements of highly sensitive data by assigning a Data Sensitivity Rating to systems which are mission critical, such as your financial applications. Identifying data by sensitivity and business impact eliminates treating all data the same, thus providing enhanced levels of security.
2. Cloud Provider's Reputation
In a 2015 report, 56% of CIO's surveyed said they trust the ability of cloud service providers to protect their sensitive data entrusted to them. (Source:Silicon Angle) Tweet this stat!
It’s in the interest of cloud service providers to protect your data from being accessed by unauthorized users. One security breach can forever tarnish the provider’s reputation, and in extreme instances put them out of business. The security of your data is directly connected to their survival and bottom line, and therefore their reputation.
3. Public vs. Private Cloud Security
Public Cloud
Often referred to as Software as a Service (SaaS), public cloud is a shared, multi-tenant environment, where resources are allocated among many users. Public cloud is still secure, but has the limitation of lack of control and ability to customize security configurations due to the shared environment. In addition, a targeted breach of a single organization or user can affect everyone within the shared environment. Apple fell victim to this with the targeted attacks of celebrity accounts in iCloud, which exposed the overall potential risk to all iCloud users.
Private Cloud
In contrast to the shared environment of public cloud, private cloud referred to as Infrastructure as a Service (IaaS), restricts access to users within your organization. This solution provides more control of the environment and eliminates the limitations of public cloud by allowing for customized security policies to be implemented, specific to your organization's needs.
4. Enterprise Security Benefits
Cloud service providers focus on securing their infrastructure by investing hundreds of thousands of dollars on enterprise grade systems, which are specifically designed to protect their customer’s data. Owning an infrastructure of this caliber is unlikely to be an available option for small to mid-sized associations, as the cost is too great.
5. Physical Control of Data
The physical location of your data is meaningless compared to how your data is accessed. As previously mentioned, cloud service providers make significant investments into the security of their infrastructure. Organizations who are unable to invest the capital required to maintain a greater level of security are more vulnerable these threats. Cloud services alleviate the significant upfront expenditures involved in securing your data by providing the technologies and expertise required to implement those solutions.
So... What's The Answer? Is The Cloud Secure?
In one word, yes, the cloud is secure - provided your organization takes responsibility of securing sensitive data. In addition to this, finding a strategic technology partner to aid in proactively securing your systems will further protect your organization from future attacks, or in extreme cases loss or exposure of data.
There is a negative public perception about the security of data in the cloud. The idea that an on premise system is more secure and not as vulnerable to outside threats is outdated. It's time we put these concerns to rest so those who have migrated to the cloud, or on the fence, can have peace of mind on this issue.