As we enter every new year, a raft of “what’s in store” articles predicting the major issues and opportunities emerge on the scene. This year, it seems that the cloud (and specifically, cloud security) is one of the major areas of focus for companies. According to Global State of Information Security® Survey 2013 — a worldwide study conducted by PwC, CIO Magazine, and CSO Magazine — cloud security is the #1 technology security priority for the North American organizations polled. (That’s a major shift from the #9 position cloud security held in the 2012 study.)
Given the dramatic rise in the number and magnitude of data breaches in 2012, I’m not surprised that cloud security made such a big leap this year. And with APTs becoming the norm in any high value infrastructure, an increased emphasis on cloud security just makes sense. As CISOs look at ways to contribute even more to the business, they see the cloud as a way to leverage economies of scale and improve workforce and operational efficiencies. Moreover, many are realizing that moving to the cloud is NOT just about more cost savings and efficiency; it’s about creating entire new agile business models that drive revenue.
That said, with all the public fallout from prominent data breaches in 2012 (not to mention the NYT and Twitter hacks that occurred just last month), CISOs are understandably wary of fully embracing the cloud until there are strong data security assurances in place. The potential financial and reputation costs of big breaches are simply too great.
What does surprise me is that 38% of companies have no plans to adopt the cloud or even evaluate cloud security technologies in 2013. I would have believed 15-20%, but 38%? I think it’s time that those companies recognize the truth in what Charles Darwin observed:
“It is not the strongest species that survive, nor the most intelligent, but the ones most responsive to change.”
Cloud technologies — properly implemented — can yield enormous business benefit. But the move to the cloud has to be well considered because data is the fuel that powers our businesses; sensitive data must be properly protected, especially in the cloud. The data, not just the systems that house it, is our “critical infrastructure.” If we don’t protect our cloud-based data, then we’re putting significant parts of our critical infrastructure at risk.
To paraphrase Confucius, we live in interesting times. While our business environment mandates big data, our threat landscape becomes ever more perilous. The challenge, then, is to balance the storage and use of increasing amounts of data with effective data protection strategies. We must adapt, but do so in ways that still protect what matters — our sensitive data and our customers’ trust.
The question I pose to you is this: as you embrace the cloud, what are you doing to protect your #1 asset?