Cloud Data Security: Risks And Solutions

by CXOtoday News Desk    Dec 02, 2014

data security

Data is fundamental to today’s digital business and protecting it from hackers is the prime concern of enterprises. Data loss will not only affect company’s reputation but will impact competitive advantage.

Cloud computing has become mandatory to manage accumulating data, necessitating innovative solutions to keep the data security fears away.


According to a study by Fortinet, 63% IT decision makers admitted to abandoning or delaying at least one new business initiative because of IT security concerns. But if done in a proper way, enterprises need not worry about losing their Cloud data to thefts.

“Organizations must act now to address the impact of the growing threat environment and increased scrutiny on IT security, re-evaluating their goals to ensure they strike the right balance and achieve resilience in the face of cyber threats,” says  Rajesh Maurya, Country Manager, India & SAARC, at Fortinet. 

IDC predicts that the public cloud market will grow by 23% per year, over the next five years from around $48 billion today to $130 billion by 2018.

Cloud computing offers huge savings in cost, and ensures flexibility and agility, but it is essential for businesses to understand  the basics so as not to end up in huge losses. Unless the cloud infrastructure is designed and secured in a proper way, it certainly stands exposed to data privacy concerns.

What should enterprises do

Dr. Larry Ponemon, chairman and founder of the Ponemon Institute says: “To create a more secure cloud environment, organizations can begin with simple steps such as including IT security in establishing security policies and procedures; increasing visibility into the use of cloud applications, platforms, and infrastructure; and protecting data with encryption and stronger access controls, such as multi-factor authentication.”

First, businesses must get their context right; need to have clarity around the organizational goals, business needs and the risks associated with it, and then consider which data must be hosted on the cloud. With players like VMware, Cisco, Amazon and Google offering cloud services, there is no dearth of service providers, but it is fundamental to choose the right one.

Multi-layer protection

Securing networks must be given utmost importance, especially if the company deals with software services. Companies must not think twice about investing in world-class network security.

“Enterprises must develop a security framework that includes several different security protocols like multifactor authentication, role-based access controls, effective log monitoring and management, ongoing application vulnerability scanning and security governance in accordance with existing standards,” says Ashish Thapar, Head – Professional Services, Asia, Verizon Enterprise Solutions.

As companies store more data in the cloud and utilize more cloud-based services for their employees, IT organizations need to place greater emphasis on stronger user access controls with multi-factor authentication.  This is even more important for companies that give third-parties and vendors to access their data in cloud, according to a study by Ponemon Institute.


IT organizations can accomplish their mission to protect corporate data while being an enabler of “Shadow IT” by implementing data security measures such as “encryption-as-a-service” that allow them to manage the protection data in the cloud in a centralized fashion as their internal organizations source cloud-based services as needed, says Ponemon Institute.

The cloud centralizes the delivery of software services, hence the traditional IT security methods may not work.

Besides encryption and two-level authentication, Vishak Raman, Sr. Regional Director- India & SAARC, Fortinet recommends scanning applications on a frequent basis to check for vulnerabilities in the cloud.

Outsource network security

Quoting recent studies, Thapar says that businesses that outsource network security and management to external vendors can be less exposed or vulnerable to breaches.

“Most enterprise-class cloud providers have rigorous security protocol in place (for their own business models to be successful) and, in many cases, enterprises that outsource to a cloud provider can improve the security controls for their organization,” he says.

 Ensuring tight security requires one to do risk assessment.And those without the resources or skill to perform network vulnerability assessment must go for a managed service security provider.