Nowadays, cloud services—especially public cloud services—are the launchpad for innovation.

With legacy applications now beginning their cloud-migration journeys, cloud security and data protection response are becoming more complicated.

In fact, 62% of European enterprises operating in multicloud environments said they are looking to switch their data protection architecture because it “lacks features and innovation in new technologies and emerging needs.” Having state-of-the-art encryption capabilities in the cloud as well as complete control of the keys to ensure data protection and compliance are important to these organizations.

As cloud becomes a de facto operating model for mission-critical and modern workloads and as new technologies such as containers become mainstream, it is imperative to modernize security designs and solutions.

Figure: Top cloud data services challenges of today.

Adopting cloud for speed and agility without adapting security framework is a risky strategy

IDC research shows that 93% of organizations have been the target of malware attacks, including ransomware, in the past 12 months, with more than half of those suffering successful attacks and most experiencing multiple attacks. 54% of organizations have suffered an unrecoverable data event in the past three years. Especially in the current context, where most employees are working remotely and trying to access sensitive data, the threats are more significant and require more sophisticated threat and fraud detection.

Whilst innovation and speed of business are key parameters of digital transformation—and the digital importance is increasing day-by-day under current circumstances—IDC firmly believes that to succeed with digital transformation, enterprises must embrace “digital trust.”

IDC predicts that, with the business criticality of digital trust rising, 55% of European spending on security services will be devoted to developing, implementing, and maintaining a ‘trust framework’ by mid-2023.

European enterprises and regulators have a privacy-first and data protection-first approach to cloud adoption. The introduction of new privacy laws, such as the EU GDPR, have become game-changing regulations and brought consideration of storage, use, and protection of personal data front and center. These regulations aim to put privacy and personal data in the control of the consumers, making businesses reassess how they can comply with the new requirements whilst continuing business initiatives. Companies are forced to be more attentive to the security and privacy features in the cloud services.

When investing in cloud technologies, they are assessing how they can build a robust security framework with trust-by-design and security-by-design principles for digital transformation.

The dilemma

Organisations certainly need to comply with data protection regulations, but more importantly, they need to function as businesses and progress their data-driven initiatives to gain a competitive advantage. Security is both an inhibitor and a driver for cloud adoption. How enterprises navigate through the challenges determine their success.

Key security considerations in mitigating cloud risks

  • Shifting security left is a key investment priority related to the application development and deployment platform for 61% of European organizations that IDC surveyed.
  • Integrated data protection for data at rest and in transit are important along with non-disruptive protection of newer environments, such as DevOps environments where data is in use.
  • Data protection should cover modern container environments and enable rollbacks, modern database support, and isolation to facilitate accelerated application delivery.
  • A data protection solution for your cloud environment should offer data encryption, data access control, key management, and certification management. EU GDPR is not prescriptive regarding the technologies required to enable compliance. However, it recommends the implementation of encryption and pseudonymisation as approaches to protect sensitive data and manage risks.
  • Extensive security-related certifications to protect tampering against the Hardware Security Module in the cloud.
  • Another key consideration is data integrity—maintain the accuracy and consistency of the data to ensure that the business is confident about the insights derived from analytics.
  • Data access monitoring—a significant threat comes from internal sources, including disgruntled employees, dishonest employees looking for gain, or just careless employees exposing sensitive data. In fact, malicious insider threats are the third most cited concern, according to IDC. Monitoring data access and looking for anomalies in behaviour can help mitigate internal threat risks, regardless of where the data is located.

About 43% of European organisations are focusing their digital transformation efforts on data capitalisation and data monetisation to create new data-driven revenue streams.  But, in order to achieve this, they need to prioritise privacy and data security, compliance, and information governance as cornerstone initiatives.

IDC data source: “Why are Hybrid and Multicloud Data Services Challenges Intensifying This Year Compared With 2018?

Learn more about IBM public cloud

Listen to this joint IDC & IBM podcast series on public cloud:

Discover the benefits of IBM public cloud and build for free on IBM Cloud.

IDC data source: Why are Hybrid and Multicloud Data Services Challenges Intensifying This Year Compared With 2018?

Was this article helpful?

More from Cloud

From complexity to clarity: Future pathways for VMware clients

5 min read - Today, VMware clients might be facing transformational decisions amidst an evolving landscape following Broadcom's acquisition of VMware and in search of the best pathways to serve their business needs. However, this process can be complex and challenging, with the potential impacts of choosing the right offerings, adapting to licensing modifications and navigating the partnership impacts. IBM Consulting® can support VMware clients in their transformational journey based on its vast experience of supporting clients through their hybrid cloud estate. IBM Consulting…

Accelerating responsible AI adoption with a new Amazon Web Services (AWS) Generative AI Competency

3 min read - We’re at a watershed moment with generative AI. According to findings from the IBM Institute for Business Value, investment in generative AI is expected to grow nearly four times over the next two to three years. For enterprises that make the right investments in the technology it could deliver a strategic advantage that pays massive dividends. At IBM® we are committed to helping clients navigate this new reality and realize meaningful value from generative AI over the long term. For our…

New 4th Gen Intel Xeon profiles and dynamic network bandwidth shake up the IBM Cloud Bare Metal Servers for VPC portfolio

3 min read - We’re pleased to announce that 4th Gen Intel® Xeon® processors on IBM Cloud Bare Metal Servers for VPC are available on IBM Cloud. Our customers can now provision Intel’s newest microarchitecture inside their own virtual private cloud and gain access to a host of performance enhancements, including more core-to-memory ratios (21 new server profiles/) and dynamic network bandwidth exclusive to IBM Cloud VPC. For anyone keeping track, that’s 3x as many provisioning options than our current 2nd Gen Intel Xeon…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters