Cloud Service Providers must also be Cloud Security Providers

As organizations turn to cloud service providers (CSPs) and managed service providers (MSPs) for business-enabling services, such as infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS), they also need these service providers to protect them from business-disabling risks, such as the cloud data breaches that frequented news headlines last year.

Even though one of the business drivers for leveraging cloud services is to lower IT costs, the reality is “budgets are on the rise, especially for cloud security,” Sue Poremba blogged, “as more IT professionals and service providers understand the risks involved in a potential network attack.” However despite understanding the risks, “IT personnel are often not prepared for the challenges involved in cloud security, such as full knowledge of the type of data stored in the cloud or who is accessing that data. There may be confusion about who is responsible for the security of the data stored in the cloud, who is in charge of making sure all regulations and compliance issues are met, and who manages access of the cloud.”

Cloud-based services, by their very nature, include technology that’s not under your control and, because of the symbiotic relationship between the cloud and mobile, are often accessed using mobile devices that are not under your control. However, with an increasing percentage of enterprise data constantly in motion as moving targets in a hyper-connected world, your data needs to be secured wherever it is, however it is accessed, and with the appropriate levels of control over who can access what.

“Despite continued assurances from big infrastructure and small startup providers alike,” Doug Bonderud blogged, “there is the possibility that data could go missing, be irrevocably altered, or even completely destroyed.” This why Bonderud recommended “CSPs design with security in mind from the ground up. This includes infrastructure, platform, applications, and anything that a company will use to access the cloud. In some cases, this means taking a harder line with third-party providers or choosing new partners altogether, since a single failure or the perceived risk of failure can leave an indelible impression on companies considering a move to the cloud.”

While preventing data loss must be a top priority, it’s important to remember that “even if you trust the most reliable cloud services with your data,” Dan Virgillito explained, “things can go awry at any point and a crash/failure may permanently destroy some data. Cloud data is vulnerable to the same threats as the internet as a whole.” Those threats include cyber-attacks, password hacks, and server crashes. This is why some are suggesting cloud service providers start offering cyber security insurance.

The bottom line is that to meet your service level agreements and protect your business and your data from unauthorized access, cloud service providers must also be cloud security providers.

This post was brought to you by IBM for Midsize Business and opinions are my own. To read more on this topic, visit IBM’s Midsize Insider. Dedicated to providing businesses with expertise, solutions and tools that are specific to small and midsized companies, the Midsize Business program provides businesses with the materials and knowledge they need to become engines of a smarter planet.