Listen to our podcast on cybersecurity in the cloud: https://ap.pn/2K0dQhS
The explosion of cloud computing has connected more people than anyone ever imagined. But the massive number of companies migrating to the cloud has also amplified the urgency of data security and regulatory compliance.
The skeptics get snagged on lingering assumptions that cloud technology is insecure. But it’s hard to be skeptical when the best cloud vendors may be more expert at cybersecurity than many in-house IT administrators.
Perhaps the trust gap is perpetuated by the numerous data breach horror stories that litter the Web. But don’t let the cyber smash and grab headlines stop you from giving cloud the benefit of the doubt.
In our thought-provoking podcast, Malcolm Ross sat down with Appian Chief Information Security Officer Omesh Agam to take a fresh look at how to keep your data, applications and infrastructure secure in the cloud. Listen now: https://ap.pn/2K0dQhS
2. The explosion of cloud computing has
connected more people than anyone
ever imagined...
But the massive number of companies
migrating to the cloud has amplified the
urgency of data security and regulatory
compliance.
3. Cloud Migration Is Relentless
It turns out that 96% of today’s enterprises are using
at least one public or private cloud, according to
RightScale’s 2018 State of the Cloud Report.
Forrester’s experts predict that public cloud
expenditures will grow from $146 billion in 2017
to $236 billion in 2020.
Approximately 80% of tech company professionals are
using cloud-based apps, according to Citrix.
At companies with flexible workplaces, 57% of
professionals are working in the cloud.
4. Don’t Get Snagged on the Insecurity Myth
The skeptics get snagged on lingering assumptions that cloud
technology is insecure.
Perhaps the trust gap is perpetuated by the numerous data
breach horror stories that litter the Web.
But don’t let the cyber smash and grab headlines stop you from
giving cloud the benefit of the doubt.
“You have to institutionalize security as part of your business model.”
- Omesh Agam, Chief Information Security Officer at Appian.
5. Raising the Bar on Security Standards
“We have a myriad of compliance certifications
that we have to maintain to provide a base level of
assurance to customers, as well as to ourselves, that
we're operating in accordance with the highest
security standards.”
- Omesh Agam
6. Cyber Attacks Spreading Like Wildfire
Anywhere from 300,000 to a million viruses and other
malicious software products are created by hackers every
day.
This includes the usual suspects—DDoS attacks, data
breaches, ransom demands, and theft of proprietary
information.
And that’s just the tip of the iceberg.
From a business standpoint, cybercrime drains a staggering
$600 billion a year from the global economy, according to
the Center for Strategic & International Studies.
7. Cloud Is Safer than Many Legacy Systems
Gartner predicts that worldwide security spending will reach
$96 billion in 2018, up 8% from 2017.
CNBC recently reported that cybercrime is the fastest-growing
crime in the U.S.
In 2018, the 60% of enterprises that implement the right cloud
security tools will experience one-third fewer security failures.
Through 2020, public cloud Infrastructure as a Service
workloads will suffer at least 60% fewer security incidents than
those in traditional data centers.
Through 2022, at least 95% of cloud security failures will be the
customer’s fault.
8. The Security Risk Is Marvin in Marketing,
not the Cloud
Human error is the main cause of security breaches.
Yep, it’s usually just Marvin in marketing, who unknowingly
downloads a malicious file and exposes your organization
to cyber attacks.
On average, employees receive less than two hours of
security training per year, according to the FPA study.
48% of enterprises don’t have an employee security
awareness program, according to Forbes.
9. Compliance in the Cloud
On the compliance side, the best cloud services cover all
of the major security domains and controls, including:
Association of International Certified Professional
Accountants (AICPA) cybersecurity risk management
reporting framework
Payment Card Industry Data Security Standard (PCI DSS),
which is an international framework for data
security standards
Health Insurance Portability and Accountability Act of 1996
(HIPAA), which is a US law that provides data privacy
and security provisions for safeguarding medical information.
10. Sharing the Control Stack
Without the enormous security intelligence capability of
a cloud platform, detecting suspicious patterns in massive
amounts of operational data would be like mission impossible
for most enterprises.
Managed cloud services make it easier to keep up with
security upgrades and scale up operations at speeds not
possible before.
“Now, that doesn’t mean you can forget about compliance
in business and security requirements.”
- Omesh Agam, Appian
“It means moving towards a shared controls framework. And what that
means is that you’re now sharing the control stack with someone else.”
11. Continuous Multi-layer Monitoring
At Appian, we have continuous monitoring of multiple layers
with our infrastructure providers at their physical hardware
level, their data centers, servers, and platform level as well.
“You don’t get to ignore basic logging and monitoring hygiene just
because you’re using a SaaS provider.”
More than 85% of enterprise IT organizations will commit to
multi-cloud architecture by 2018, according to IDC.
About 75% of developer teams will include cognitive/artificial
intelligence functionality in cloud applications. And most of
these will be sourced from the cloud.
12. Are You Ready for General Data
Protection Regulation?
With the implementation of GDPR, companies will have to report data
breaches to regulators—and inform customers—within 72 hours.
And the cost of non-compliance? In a word, steep. Violators could get
hit with a €20 million fine, or forfeit up to 4% of their global
revenues, whichever is greater.
GDPR hasn’t stopped digital leaders from migrating to the cloud.
To put things in perspective, public cloud spending will grow at nearly
seven times the rate of overall IT spending, according to IDC.
By 2020, public cloud spending will reach $203.4 billion worldwide,
from an estimated $122.5 billion in 2017.
13. Experts: Public Cloud to Continue Trending Up
So, if you’re thinking about stepping up to cloud adoption,
but you’re worried about data security in your enterprise
operations, what should you do?
Take stock of your most critical internal assets, and
understand how data flows both inside and outside
your organization.
14. Know Security Requirements for Your Data
It's essential to know your data security
requirements, because that'll let you have a more
open and honest conversation with your cloud
vendor’s security officer about your compliance
and regulatory requirements.
15. Security Review Not Just Cloud Vendor’s Job
It’s a continuous process that’s continuously evolving. You should
constantly maintain it, which means conducting security
reviews on a regular basis.
Conduct audits by reading your vendor’s audit reports, their SOC
reports, their PCI reports.
The essential lesson: Take a policy-based approach to controlling
what people can and can’t do with your business-critical
data, across your organization.