Finding equilibrium between business and security in the cloud

As companies of every size attempt to become more efficient and cost effective, firms are increasingly moving their operations to the cloud. This trend has been reflected in the proliferation of cloud services available, with the average European enterprise now using 1,038. With benefits including lower costs, faster implementation and a better user experience, IT departments are frequently being asked to replace aging desktop applications with more agile cloud-based alternatives.

As businesses realise that the cloud can benefit other aspects of operations, many are migrating entire record systems to the cloud. This is a new phase in cloud adoption and one that is posing a challenge to IT departments. IT is now caught between delivering technologies to support innovation and growth in the business and securing sensitive data against proliferating cyber threats.

Alongside the Cloud Security Alliance (CSA), Skyhigh Networks conducted a research survey to discover how the role of the IT department has changed and the barriers which are still preventing a seamless migration of systems of record to the cloud.

Hackers have businesses over a barrel

Perhaps unsurprisingly, the fear of a cyberattack and the potential compromising of sensitive business data is a hurdle. Of the potential cyberattack ramifications, a loss of reputation and trust is the greatest concern followed closely by financial loss. This concern is well placed, as it has been reported that Sony had to pay out $35 million to deal with the immediate aftermath of its breach. Moreover, external analysts predict that it could cost another $83 million for it to completely rebuild the damaged infrastructure.

In a trend common in 2015, the hackers also attempted to blackmail Sony in the days leading up to the breach. While it’s unclear whether the company could have prevented the data dump had it answered the demands, the CSA survey revealed that, if faced with the same situation, nearly a quarter (24.6 per cent) of companies would be willing to pay a ransom. More worryingly, 14 per cent indicated that they would be willing to pay an amount in excess of $1 million. This highlights the fear that many have of suffering a data breach, but also a high level of ignorance in trusting that hackers wouldn’t follow through with releasing the data anyway.

The Chief Information Security Officer (CISO) is becoming instrumental

Considering the impact that a major breach can have on an organisation, information security is becoming an increasingly important function to reduce the risk of such incidents. Consequently, the position of CISO has become more popular and 60.8 per cent of organisations now have one in place to manage their information security teams. While the role can vary between firms, tasks often include setting security policies, overseeing regulatory compliance and taking responsibility for data privacy.

However, because this is a relatively new position, a growing concern is the lack of skilled individuals to fill such roles. Without the security professionals needed to mitigate the risk of data loss in the cloud, businesses are unable to maximise the full value of new technologies – 30.7 per cent view this as a barrier. Moreover, for those businesses with a CISO, there remains confusion around structure. Some argue that since information security is a core aspect of information technology, the CISO should report to the Chief Information Officer (CIO), and 41.8 per cent of organisations are set up in such a fashion. On the other hand, some believe that the CIO’s mission to enable the business with new technology conflicts with the CISO’s mission to protect the company’s information and, therefore, the CISO should report straight to the CEO. 32 per cent of organisations have this structure in place.

New regulations are causing a headache

Another barrier to cloud migration is compliance with regulations, with 61.2 per cent of companies viewing it as a major hurdle. One of the most significant new regulatory schemes is the upcoming EU General Data Protection Regulation, a new framework that introduces extensive requirements for any organisation doing business in Europe or storing data about EU residents. Despite the strict fines that companies may incur for violations of the new law – €20 million or four per cent of global revenue (whichever is higher) – only 14.4 per cent of global companies are fully prepared to meet its requirements. More alarmingly, just under a third (31.8 per cent) of European organisations are not aware of the law, revealing that IT departments, CISOs and compliance teams must work more closely to get their organisations ready.

Increasing confidence

To conclude, the trend of migrating systems of record to the cloud is one that is only going to increase. Customer Relationship Management (CRM) programs are currently the most commonly used cloud-based system of record (36.2 per cent of businesses are utilising one) but IT services management (31 per cent) and human resources management (24.4 per cent) are close behind. Barriers to cloud migration do remain but businesses are adapting to overcome them, such as with the hiring of CISOs. There’s an increasing confidence in the cloud and the fear which once existed around its security is steadily diminishing, with 64.9 per cent of companies now believing that the cloud is as or more secure than on-premise software. Ultimately, while the cloud continues to provide lower cost, faster implementation and a better user experience, more businesses will view migration of records as the next step in their strategy.

Nigel Hawthorn, chief European spokesperson, Skyhigh Networks
