How To Conquer Enterprise ‘Cloud Phobia’

Featured article by Vishal Gupta, CEO of Seclore

We humans have a natural fear of the unknown where things feel insecure and unsafe. Just think about it, how many times as a kid were you scared to sleep with the lights off because of what potentially hid under the bed? Or how about the time you wouldn’t go in the ocean because you were convinced the great white shark from Jaws was lurking, just waiting to devour you as a midday snack?

As silly as these fears are to us now, as adults we still have fears of the unknown. In business, IT executives experience similar anxiety when adopting new technology. Cloud-based platforms and solutions, for example, promise immediate cost and efficiency savings. Spending on public cloud infrastructure is forecasted to reach $173 billion by 2026. While enterprises are certain about cloud computing’s benefits, justifiable “cloud phobia” is still prevalent among businesses.

Why the cloud is irresistible in spite of the security risks

One of the pros and cons of the cloud is that it makes it easier than ever before to collaborate and share vast amounts of sensitive information with employees and partners. Yes, cloud solutions promise immediate cost and efficiency savings, however, it also brings the questions of security risks to light.

Cloud solutions certainly improve collaboration across and outside of the organization, but they put information at risk of getting into the wrong hands. A recent survey shows that employees are willing to put sensitive data at risk for the sake of efficiency. In fact, 29 percent of employees admitted they do! We see that confirmed by the dramatic increase in employees’ using unauthorized cloud-based applications to share and store work-related information. Consider an employee working on a project with a third-party consultant. To make it easier to collaborate on the project the employee shares sensitive files via unsecured personal cloud-collaboration platforms like Box or Google documents. While his or her intentions are good, this action immediately puts that data at risk.

So how can organizations enjoy the benefits of the cloud without increasing the risk of information getting into the wrong hands? Many organizations are beginning to deploy data-centric security solutions to persistently protect information wherever and however it travels and is stored. Data-centric security goes a step beyond network security by ensuring company documents – emails, Word documents, PowerPoints, CAD documents and more – can only be accessed and utilized by approved recipients.

Cloud-based solutions also add complexity related to controlling access to information as employees move in and out of an organization. While employers would like to think the best of employees, reports estimate 40 percent of sensitive data is still accessible after someone has left a job.

Data-centric security: Making it easy to embrace the cloud

Data-centric security attaches persistent usage controls to the file as it is shared, controlling who can access the file, what actions they can perform on the file, for how long, and from which device/location. The organization can still engage in collaboration, whether through email or cloud-based platforms, while remaining in control of their information at all times. As data moves within and outside of the organization, be it for collaboration purposes or to share a final copy, there is always a chance for it to get in the wrong hands. By adding an extra layer of security to the file itself, embracing the cloud should come with ease.

As employees move in and out of an organization, protecting data at the document level can also reduce security risks. When employees depart, the organization can instantly remove access to all sensitive documents, even those that have been copied to personal devices or contained in personal cloud-based storage systems if data-centric security has been implemented.

What to look for in a data-centric security solution

There are several solutions that combine forces to fully protect information as it flows across and outside of the organization. These solutions range from data classification to data loss prevention and enterprise digital rights management. While the needs of the extra security layer differ from organization to organization, it is important for enterprises to explore the various solutions involved in data-centric security. The various solutions come together to ensure that all information, sensitive or not, is safe. Data-centric security solutions can also work together with cloud-based collaboration platforms and enterprise content management solutions.

It’s up to company IT departments, CSO’s and CIO’s to really decide what they need om a cloud provider and how whether the platform will work with other data-centric extra security solutions. They must consider first, what type of cloud platform they need, be it a public, private or hybrid cloud model, what type of data will be stored, if it can scale with the business and what data protection it provides. Once this is agreed upon, it will be clear what kind of extra data-centric security is needed.

“Cloud phobia” is unlikely to subside in the enterprise, nor should it. A little fear of the unknown – in this case, data theft, leakage and malicious cyberattacks – keeps business leaders on their toes in terms of security. Be cautious with new technologies, educate employees and consider adding extra layers of data-centric security to documents. Just like leaving the light on while you sleep, data-centric security solutions applied to every document stored in the cloud, shared via file-sharing services or traditional email will diminish our fear of the cloud while protecting our data.

  Vishal Gupta, CEO of Seclore