OAKBROOK TERRACE, Ill. -- While the shift from in-house to “off premise” or “cloud” technologies ramps up, a recent study showed that 66% of senior executives don’t have a full understanding of the risks.
At the same time, 77% of organizations trust the cloud more now than a year ago, according to Intel Security, Santa Clara, Calif. Its latest study surveyed 1,200 cloud-security decision-makers in eight countries about challenges and priorities surrounding cloud security.
The trust is evident in how 80% of information technology (IT) budgets will go to cloud computing services within 16 months, respondents said, while 79% of companies plan to invest in security-as-a-service.
At the recent Conexxus c-store technology standards meeting held earlier this month in Tucson, Ariz., panelists discussed the issue. Paul Truitt, vice president of cybersecurity services SageNet, Tulsa, Okla., said a “disconnect” often exists between a company’s physical IT infrastructure and their public applications, resulting in a security gap. An example is when a company tries to simply push their existing IT solution into the cloud.
“[Cloud solutions] carry a dynamic nature that’s more difficult than on site,” Truitt said, with one example being how third parties may not always use the same bank of computers at any one time. “You don’t know what data center is used, so following the host is key.”
Issues can arise when trying to do a forensic audit, for instance, Truitt said.
Understanding that on-premise and cloud solutions have unique structures and advantages is a key step, said Conexxus panelist Patrick Ohler, enterprise sales manager, DataPipe, Jersey City, N.J. Beyond security, retailers need to grasp the pros and cons of both. What they don’t want to do is “keep the worst part of the old infrastructure and [underutilize] what off-premise has to offer.”
Authors of the Intel report also asked executives for tips on how to approach data security involving third-party or cloud providers:
- Integrate up and down the stack and across deployments. The Intel Security study found that the average organization uses 43 different cloud services, with only 35% using integrated solutions. Typically a company develops private cloud solutions and moves them into a public cloud, which can create complexity and potential vulnerability. A recommendation is encryption methods that work across both private and third-party platforms.
- Protect in real-time—and never stop learning. Gone are the days of becoming compliant just before an audit or reacting after an incident occurs. As cloud technologies and related security practices evolve, security professionals must stay attuned to changes.
- Be a team player. End-to-end security requires visibility across public, private and on-premise systems. Such visibility often means communication and collaboration with both internal and external stakeholders. Security becomes a “team event.”
Retailers should not let security uncertainties keep them from taking advantage of cloud solutions, Ohler said. “The cloud has a low barrier of entry," he said. "Find out what works and go for it."
Members help make our journalism possible. Become a CSP member today and unlock exclusive benefits, including unlimited access to all of our content. Sign up here.