Cloud Security - Why Proactive Governance is the Need of The Hour
By Aditi Bhat
What comes to your mind when you think about cloud security? Probably words like ‘encryption’, ‘administration’, ‘identity’, ‘user IDs’ and ‘passwords’.
Think you’ve covered everything related to the cloud? There’s a missing piece to this list, and a very vital one at that, because it’s something that makes cloud significantly more secure. It's called proactive security.
The need to be proactive
Governance, Risk Management, and Compliance (GRC) are the three main pillars, which function together to assure that a business or an organisation is meeting its various objectives through effective and efficient utilisation of its human capital, processes, and technology.
Once a business or an organisation achieves and grows into a certain size, it becomes essential for the GRC activities to function effectively. Supporting and sustaining an IT or Information Security GRC program with evolving governance requires altering the risk profile and landscape with numerous compliance requirements to be fulfilled, which can be a challenge for many businesses and organisations.
Keeping this in mind, Manipal ProLearn recently organised a webinar on Cloud Security and Compliance for Proactive Governance. The event was conducted by Swaminathan Duraiswamy. Principal Consultant, Spark Rays, and the key focus areas of the webinar were:
*Critical aspects of cloud security and compliance,
*Critical security issues in the absence of governance,
*Country-specific requirement for compliance, and
*Setting up a governance structure in a cloud computing environment.
Cloud security and compliance
It speaks about the compliance which various cloud service providers adhere to, which might be government compliances, industry standards and contracts between the service provider and the client. You may think that your data stored in the cloud might be secure but it is not always the case, so it is vital that the cloud service providers divert their priorities on data security to ensure data stored in the cloud is safe.
Critical security issues in absence of governance
It’s all about the concerns related to ownership of data. Who is the real owner of the data - the person or entity posting or uploading data for the service provider, and what happens if a service provider goes out of business? For example, millions of people around the world use Gmail’s email service for sending and receiving personal, business and official emails. In a hypothetical scenario, what happens if Gmail goes out of business tomorrow and shuts operations, do we lose all our data and what happens to our data in such a situation?
Country-specific requirement for compliance
It pertains to the difference in data protection laws in different countries and how it affects the user. For example, say a person in Brazil uploads his information on Facebook, which has its servers in the United States. In case of data theft, which country’s laws are applicable and how will it affect the user?
Setting up a governance structure in a cloud environment
Setting up governance structure in a cloud environment pertains to the fact that it is not practical for companies and enterprises to rely entirely on the cloud service provider for ensuring safety and security of their data. Businesses should have their own data security systems.
Data and cloud security is a matter of highest importance for businesses and data, and cloud security measures need to be proactive and not reactive, i.e. it is wise to have security measures in place to prevent any form of cyber-attack rather than waiting for an attack to set-up security measures.
So, if you’re planning to make it big in the world of cloud computing, a perfect stepping stone would be an IT boot camp training course or an online course on cloud computing, covering its dynamics and requirements in the modern times.