Skip to main content

How to create an effective cloud security strategy

Cloud technology has started to reach its maturation point – it's a major part of almost every IT strategy, and is used across all industries all over the world. Gartner predicts (opens in new tab) that the bulk of new IT spending by 2016 will be for cloud computing platforms and applications, with nearly half of large enterprises having cloud deployments by the end of 2017.

Why is cloud so important? It's because each and every one of us wants to start using our mobile devices for business, as seamlessly as we do in our personal lives. This ability to work from anywhere is enabled by the convergence of cloud and mobile technology, so that we have constant access to the content we need.

Read more: How hackers can actually make your business stronger (opens in new tab)

One of the biggest concerns companies have around cloud technologies is the security of their digital content. Companies manage sensitive data, ranging from product plans to employee personnel files, all of which need to be secure. Thus, it's important for companies to map out a specific cloud security strategy before storing and sharing their business data via cloud solutions.

There are five key areas that are crucial to consider.

Encryption keys

The encryption of sensitive data is what makes cloud technology possible. It ensures that important information doesn't get accessed by the business that actually stores its data right next to mine in the same cloud. However, for a secure cloud strategy, businesses need to choose vendors that give them ownership of the encryption keys that protect their corporate information.

Private cloud

Any organisation worth its data should be concerned about securing that information. The best way to ensure that your cloud content is secure is to deploy a private cloud, either hosted or on-premise. This means that your data is not co-mingled with anyone else's, and also guarantees that only authorised people can access your sensitive information.

Read more: The five biggest cloud security concerns explained (opens in new tab)


A key part of being secure is making sure that your data is compliant with relevant industry regulations. This could mean complying with government impact levels here in the UK, or dealing with HIPAA requirements in the US. This could, for example, mean that data has to be stored in the country in which it is created. Ensuring that a cloud solution is compliant with those data restrictions will mean that your organisation will not be fined for non-secure data privacy practices.

Mobile integrations

An important element is how your cloud security strategy extends to the mobile devices that will be used to access cloud solutions – its naïve to believe that the two wouldn't connect. You need to choose cloud-based solutions that ensure that authorised users and access rights will operate the same way for those accessing the network from either a desktop in the office, or a mobile device on a train.


Even if you take all of the above security steps, human behaviour can still undo all ofyour hard work. This is why it is essential to ensure there are usage policies both for cloud solutions and mobile ones. This will of course include bring your own device (BYOD). Set a policy in language that non-IT versed employees will understand. Explain the risks of important documents not leaking out of the organisation and ensure that everybody understands which consumer-based services are out of bounds and why.

Read more: The best free security and encryption software (opens in new tab)

Every company's cloud security strategy will be different, based on the kind of data they're sharing and storing, as well as the size of the operation. However, for anyone getting started, these five elements are a good starting place to map your strategy to.

Jes Breslaw is the director of cloud solutions and marketing for EMEA at Accellion (opens in new tab)

Jes Breslaw is the director of strategy for EMEA at Delphix. Jes has expertise in taking early stage start-ups to IPO/acquisition, and is responsible for driving pan-European lead generation programmes.