What do you consider the “edge” of security with your business information? You know, that outer perimeter that used to be defined by firewalls or passwords?
Between user adoption of the public cloud and business, that security edge is you. Specifically, it’s coming down to how you secure data shared and stored into the cloud.
For instance, the Ponemon Institute estimated that 79 percent of businesses leave cloud security up to the end user, according to its recent comprehensive cloud report. Separately, InformationWeek found that approximately 35% of businesses plan to run at least one “mission-critical” application in the public cloud within the coming year. This mix of cloud interest and security uncertainty is pulling businesses outside of their known limits for protecting data. As one security research analyst put it bluntly to us during a round of talks last week: “There’s no perimeter anymore.”
“No perimeter” doesn’t mean security is a lost cause. It does, however, prompt new ways or renewed approaches to enable work and still protect data.
The cloud vendors themselves promote encryption and security, though they only give partial coverage that includes the critical caveat that they are the ones holding the keys. (Or, put a different way last week by Ben Fried, CIO at Google, makers of public cloud environment, Drive, in a talk about Dropbox: “Your corporate data is being held in someone else’s data center.”) From traditional software vendors, there are different takes on securing users and data in the public cloud that involve app “containerization” or access gateways. We’ve spoken with one Midwestern insurance and investment firm that, in the process of shoring up their enterprise firewalls, kicked out external data connections by publishing an internal “shame list” of public cloud users. That seems extreme, though it at least takes a step toward acknowledging the end-user data security “exposure” challenge. In the workflow of people sharing, collaborating and working in the cloud, altering the way people have chosen to exchange data seems like a stop-gap or even chore. Arming them with security tools – encryption, authentication and security training across various devices, – prepares them in a data landscape where they’re increasingly the last line of defense.
We’re interested to hear how you’re sizing up the security challenges on the “front line” in the cloud: Are you locking down both files and personal devices, going after security of the data itself (full disclosure: that’s the path we take with our Viivo business and professional security solution), settling for “zero-value encryption”, or looking for a way to track cloud connections and use in the first place?