Cloud
The unsecured cloud – true or not?
November 12, 2018 | Written by: Mathias Persson Olander
Share this post:
It’s not uncommon to meet organizations avoiding cloud hosted IT solutions for security or data control reasons. But are cloud services really less secure than an on-premise solution?
Some common objections against using the cloud are usually based on an organization’s need to control their data. This can be related to regulations and compliance but most often a concern for data security is a major factor. All in all, we care about our data, and that is perfectly understandable, especially in times of GDPR and increased focus on information security. For these reason business systems and data are often managed in an on-premise environment.
However, is the cloud really less secure than an on-premise alternative? I general, the answer is actually no. The security measures larger cloud vendors put on protection of the data is often of a much higher standard than most small or mid-size organizations will achieve. Therefore by not using the cloud, in order to be compliant with internal policies, organizations may actually instead reduces their overall information security posture with higher business risk as a consequence. Furthermore, many cloud service providers invests heavily in data center security and compliance. As a result you will among the more serious cloud vendors find compliance with industry standards such as ISO 27001 and SOC I and II compliance.
Thus the overall objective of data security compliance (including confidentiality, availability and integrity of data) might be missed by an organization keeping its data in self managed on-premises environments.
So is it a question of compliance and security vs cloud? The answer is no, in most cases*. You can use cloud and still be compliant with i.e. data access controls requirements, encryption standards and industry regulations. As an example IBM Cloud follows strict industry compliance requirements . There is also already controls in place for your data’s privacy and protection.
Finally, most organizations already utilizes cloud hosted applications and services to some extent. A not uncommon example is Shadow IT among users. So instead of investing efforts to stay away from the cloud efforts should be spend on secure cloud usage.
*There are of course situations where cloud is not applicable like some cases of national state security, but then that data should of course be protected on the highest level.
For any further questions do not hesitate to contact me at: mp.olander@se.ibm.com
Security Channel Manager IBM Global Markets - Cognitive Solutions Unit Industry Platforms
Data Democratization – making data available
One of the trending buzzwords of the last years in my world is “Data Democratization”. Which this year seems to have been complemented by “Data Fabric” and “Data Mesh”. What it is really about the long-standing challenge of making data available. It is another one of these topics that often gets the reaction “How hard […]
How to act in the new regulation of financial sector
Our world is changing. Because of that regulators around the world are taking ambitious steps to improve the sustainability of the financial sector and guide capital towards sustainable economic activity. Especially in EU we are seeing a high level of regulations. These regulatory interventions present complex and sensitive legal challenges for financial sector firms, which […]
10 Questions regarding SDG to the company’s management and board
We have all together manged to create the most serious sustainability deficit and our greatest challenge is the ecological debt – a dept which we are running up by overusing and depleting our natural resources and thereby threatening our ability to meet the needs of future generations. Worldwide, the strains on key resources, from fresh […]