As an executive for a consulting company that specializes in “Managed Services” for both on-premises applications and those in the cloud, our team must focus on the needs of Cybersecurity in today’s world. The question clients and prospects constantly ask, “How does moving to the cloud change our focus on Cybersecurity?”
No one answer applies to all! That’s right. What is critically important to your company regarding security completely depends on the size of your company and your current investment in Cybersecurity.
So, let’s get into the top three questions you should address when moving to the cloud.
1. When moving to the cloud, who is responsible for Cybersecurity? Us or the cloud vendor?
It is important to point out that all cloud vendors do what they can when it comes to Cybersecurity at a macro level. But in the end, if a customer’s data is compromised, it is the organization that is responsible. Therefore, just because you’re using cloud computing, it doesn’t mean you can let your guard down.
The two most common causes of data breaches in the cloud are:
- Misconfigured access restrictions on storage resources
- Improperly secured systems
What does this mean? It means you must put Cybersecurity at the center of your build and the management of your cloud tenancies.
2. What are cloud vendors doing to make it easier to transition the work related to Cybersecurity?
Cloud vendors invest a tremendous number of resources into their security and the product they provide to their customers. It is in the best interest of these vendors to make the task of building, managing, and supporting security as straightforward as possible.
The major players, including Amazon (Amazon Web Services), Microsoft (Azure), Google (Google Cloud Platform), and Oracle (OCI), have invested a lot of Research and Development dollars in the use and management of the applications, products, and appliances they offer to their customers. These vendors have one form or another of a “Command Center” with security as the central brain.
As an example, some of these functions act as a scanner to look for vulnerabilities based on the rules you as an organization need to apply. In addition, almost all vendors have best practices in place and channels set up to guide, support, and ensure your organization’s systems and data are secure. Do not hesitate to tap their knowledge!
3. Could moving to the cloud improve our current Cybersecurity plans?
The answer to this question depends on your current investment in Cybersecurity (people, processes, and tools). Small to mid-size businesses are particularly vulnerable to cyberattacks, mainly because they don’t have the resources to invest in their Cybersecurity programs. These organizations should look at moving their critical applications, and eventually all of them, to the cloud. This is based on the fact that they can improve their overall security because cloud vendors have some of the most robust security in the IT space.
One of the greatest challenges of moving to the cloud comes from the internal organization, specifically IT managers because their natural inclination is to keep data where they have the most perceived control over it. Therefore, the decision to move to the cloud for better Cybersecurity should be based on your current investment in Cybersecurity, as well as the level of support from your IT organization, as they will have to maintain it in conjunction with the on-premises model (which we will cover in our next blog!)