Cloud has grown significantly in recent years, and organizations are realizing its transformative value.
Acknowledging the benefits of the cloud, the Obama Administration announced the US Government’s Cloud First Initiative in 2011. Recently, this ambitious plan has taken center stage with President Donald Trump signing an executive order on cybersecurity. The order mandates that all federal agencies move their IT systems into the cloud and prioritize purchasing shared systems in IT procurement processes.
This executive order will inevitably renew questions around the security and privacy of sensitive data. IT security has never been more important than it is now. With recent ransomware attacks crippling the UK health system, shutting down hospitals and paralyzing Germany’s national railway system, the repercussions of cybersecurity attacks can be wide-ranging—and severe.
In the wake of these attacks, large-scale data breaches, and the current climate of heightened concern about data security, government organizations are highly sensitized to the need to ensure that their data and, specifically, the personal confidential information of citizens, is kept safe and secure. Citizens trust governments to safeguard their personal data. Once that trust is broken or compromised, it is often damaged beyond repair.
Perhaps this enormous burden to protect public information accounts for why so many government organizations are wary of adopting cloud services. According to a report by Netwrix, 87% of government agencies are fearful of moving to the cloud due to privacy concerns.
When it comes to cloud vs. on-premises security, perception is not reality
Not all government IT specialists are wary of the cloud. A study from the Cloud Security Alliance confirms that two-thirds of IT leaders are confident that the cloud provides equal or greater security than internal systems. And almost 50% of government agencies said that the cloud has improved the security of their systems and data—with no respondents stating worsened cybersecurity as a result of cloud adoption.
Cloud-service providers (CSPs) are much more rigorously assessed than on-premises systems. They are expected to achieve internationally recognized security certifications such as ISO 27001, PCI DSS Level 1, and SSAE-16/ISAE 3402 SOC, meaning they are formally audited by third-party security professionals to be certified compliant.
Four ways the cloud is more secure than on-premises systems
To ease some of the fear and misperceptions surrounding the mandated move of federal agencies’ IT systems into the cloud, here are the top four ways the cloud is, in actuality, more secure than legacy systems:
1. Augments on-premises data center security
Securing legacy systems (e.g., workstations, browsers) can be challenging and unreliable. These systems originated before cyber crime became prevalent and are therefore much more vulnerable to hackers. And with nearly every organization having internal systems connected in some way to the internet, no organization is an island. However, most CSPs have multiple security defenses, including fences, crash-proof barriers, limited access/entry points, perimeter surveillance cameras, and security guards that prevent and control access to the data center. In this way, cloud security can bolster on-premises security and/or help avoid its typical weaknesses.
2. Laser-focused on cybersecurity
CSPs are laser-focused on ensuring the security and protection of their clients’ data. This is core to their business and they know that they are only as successful and reliable as their ability to prevent a data breach. Cloud infrastructure is monitored around the clock by technology overseen by highly skilled cybersecurity experts and IT professionals to ensure that potential risks and threats are minimized—and instantly detected. (A closer-to-home parallel is how credit card companies are now able to instantly detect fraudulent purchase attempts.)
3. Security systems are audited annually and utilize latest technology
As part of the intense focus on cybersecurity, CSPs also undergo yearly audits to ensure the highest level of data privacy in areas such as access, storage and security—providing dedicated attention to protect against security flaws. While this is a common and regular occurrence with CSPs, this dedicated function can vary within organizations and with legacy systems. Additionally, CSPs ensure that their systems are always up to date, absorbing the burden which otherwise falls on the organization itself when legacy systems are involved (legacy systems often also being more difficult to update and protect).
4. Controlled employee access
Storing data and sensitive information in a secure cloud means that it is separated from the organization and its employees. This means that access is better controlled and it is more difficult for third parties to access data and potentially use it in malicious ways, decreasing the human risk. Access is usually also controlled by advanced, high-level security such as biometric identification and surveillance, enabling security precautions that otherwise vary enormously from one organization to another.
The cloud solution has changed the question
Whether you work in Compliance, Finance and Accounting, Legal, IT, Internal Audit, Risk Management or beyond, the cloud is proven to be the most reliable, secure and future-proofed approach available today. As a result of President Donald Trump’s executive order, Federal Government agencies and departments will be moving to the cloud, joining many who already have, either fully or partially (e.g., NASA, NSA, Department of Justice, Department of Defense).
Avoiding the cloud is no longer an option. It’s now time to refocus the conversation and energy away from cloud fears and defending the false sense of security of more familiar on-premises risks, and back to the broader task: effective security risk mitigation in today’s overall IT environment.