‘Security in the cloud’ is a hell of a title, and one that will no doubt bring a bead of sweat to the brow of many a CIO. Yes, we want all the OPEX over CAPEX benefits, we need deep collaboration, quick and agile application changes, and clean and seamless integration. BUT what if we get hacked and become the next big story of a company losing personally identifiable information?
It is little surprise then that ISO have a standard to cover personally identifiable information (PII) in the cloud. Published in August 2014, it brings a framework of objectives, controls and guidelines to help us implement effective measures and protect personally identifiable information, maintaining security in the cloud. PII is defined as any information that can identify the PII principal. Definition can be complex, especially when disparate data sources are brought together through big data or business intelligence.
Interestingly, a data breach can occur not just by releasing the information, but indeed by unlawfully or accidentally destroying it. Deleting a record by mistake is quite a common problem.
Without starting to explore the depth and breadth of the topic of security in the cloud (a topic which could fill a warehouse, let alone a simple post), picking cloud services from trusted vendors is clearly important. For example, WordPress, which according to its own site powers more than 23% of the top 10 million websites, can be made to trap data such as names and addresses: personally identifiable information. How secure is your ISP, your site, your infrastructure?
Perhaps this explains why large organisations providing secure cloud services are starting to gain market share. They are all conscious of the security question and have the resources to focus on the issues. As an example, Microsoft have achieved ISO/IEC 27108:2014 for their Microsoft Dynamics CRM Online.
So cloud really changes the picture, not because it is inherently insecure, as nothing can be, but because it enables fast change and empowers users to employ technology stacks that were once under the control of IT departments. Understanding this and embracing the advantages is paramount to developing a rounded business process, to enable and control the use of this information, and to guarantee your security in the cloud.
A simple first step: pick a platform that has security built in and is a focus for its provider. That way you have at least started your journey in the right direction.