Cyberattacks are Moving to the Cloud: Develop Your Security Plan
This should come as no surprise – With the increased popularity of the cloud, cyber attacks have followed in its wake, with Sophos reporting a 45 percent increase in cyber attacks in the cloud during 2015. It’s been a steadily alarming trend. Two years ago, Alert Logic’s Cloud Security Report noted that brute force attacks on cloud environments had spiked to impact 44 percent of its customers, up from 30 percent in 2013.
In response to the growing threats, spending on information security is climbing, with the research company Gartner predicting that the industry will hit $81.6 billion in sales this year — a 7.9 percent increase from last year.
While you may have a thorough security plan for your physical location, developing a security plan for the public cloud may not be as clear-cut. Following are several top considerations for developing a security plan for the cloud.
Choose wisely: Before embarking on a hybrid strategy, consider which data is more appropriate for the cloud and your physical data center facility. More sensitive information, such as social security numbers and contact information for employees and clients, may not be appropriate for the public cloud. This can include intellectual property like credit card/bank information and medical records.
Discuss responsibilities: It’s important to determine upfront what your cloud vendor is responsible for when it comes to security, as well as your company’s responsibilities. Cloud service providers offer a wide array of security capabilities. Research and compare those offerings, but at the same time be aware that it’s your company’s responsibility to ensure the security of important data, especially in cases of compliance requirements. Make sure you reinforce that security with overlay architecture.
Designate a security team: Select the team within your organization who can develop a security policy, including who should have access to data, who has encryption information and how a data backup plan should be implemented. Task them with aggressively staying abreast of innovations and best practices that can minimize the risks of data breaches.