Any business migrating workloads and data to a cloud environment will be acutely aware of the security risks involved.
As cloud adoption has matured, the security needs of many businesses in the public cloud have been met by the big cloud providers. However, organisations looking to implement private and hybrid clouds also need to be aware of the risks involved in provisioning the infrastructure, and find ways to ensure uniform security policy compliance across both the cloud based and traditional on premise environment. Sometimes this will involve appropriate due diligence of the chosen cloud service provider, or maybe adapting internal security policies to fit with the new business model.
Additionally, one of the little discussed factors in cloud adoption is the end user. User self-provisioning, where an employee purchases or subscribes to 3rd party apps and services for corporate use, without approval from the IT department, has led to ‘shadow IT’ becoming a major security concern for many businesses of all sizes. Platforms like Dropbox and Google Docs are undoubtedly great tools, but if they don’t meet a company’s exact compliance requirements or if the user’s password is too simplistic, they become a big security risk.
“A lot of the recent hacks we’ve seen, especially ones that have been around cloud-oriented services, have been major disclosures of user names and passwords” said Simon Leech, Chief Security Technologist, Hybrid IT, Hewlett Packard Enterprise. “We need to think about other ways of protecting that information, and there’s a lot the user can do for themselves.”
Listen to the full podcast interview with Simon below:
Learn more about HPE Cloud Security and download the Critical Security and Compliance Considerations for Hybrid Cloud Deployments report by 451 Research.
Download the Cloud Security Alliance report here.