Last week Backupify attended CSA Congress 2014 - a gathering of security and privacy professionals dealing with cloud growth at their organizations. As companies store more data in the cloud, there are now more regulations to meet and compliance standards to address. During a panel session let by our own CEO Rob May, Steve Peltzman, Chief Business Technology Officer at Forrester Research, Tsahy Shapsa, VP of Business Development at CloudLock and Steve Holly, Solutions Engineer at Onix discussed the importance of culture for cloud security and how the culture of an organization can help or hurt the security of that organization’s data in the cloud.
It comes from the top down
The panelists all agreed that in order to ensure an organization is protecting data in the cloud, the importance of security must be emphasized from the top. If the executive team is not in agreement and pushing security best practices to their respective teams, it simply won’t work.
Steve Peltzman talked about having the luxury of buy in from his peers. Their team has established guidelines for the company that all departments enforce….and it works.
Best practices shouldn’t go away when moving to the cloud
If you back up your data on-prem, wouldn’t you back it up in the cloud? Another important discussion point from the panel was around how companies are unfortunately not carrying over their IT best practices to the cloud. Tshay Shapsa reminded the audience that nothing has changed - the data now resides in a different place but it’s still sensitive data that needs to be secure and protected. With more cloud solutions helping companies do business, there are now plenty of available cloud security technologies with solutions designed to offer data protection. Examples are CloudLock and Backupify - two unique technologies that companies can use to feel more confident in the cloud.
The cloud can’t stop user error
There was a brief discussion during the panel about a cloud vendor’s responsibilities. Sure, there are lots of SLAs out there promising this and that but can these SLAs protect against the “human” factor. Tsahy used the metaphor of badge keys that allow people to enter a building. If I steal someone’s badge, I can easily enter the building - the security system only knows that the right credentials have been used and can’t differentiate between the actual badge owner and the thief. Same with cloud technologies. In the wrong hands, these systems can’t distinguish between who should rightfully be accessing or deleting data. This is again why companies should consider implementing the right technologies to protect their data in the cloud as well as implementing the right training, processes and procedures for employees. Companies should ensure that employees know their security procedures, have updated the right tools on their laptops, etc.
Has your company embraced the culture of the cloud? What has worked well (and not so well)?? Share your thoughts in the comments section below.