Cloud
Disaster recovery
Security
May 11, 2020 By Archana Venkatraman
Barry Brown
Jonathan McCormick
3 min read

Nowadays, cloud services—especially public cloud services—are the launchpad for innovation.

With legacy applications now beginning their cloud-migration journeys, cloud security and data protection response are becoming more complicated.

In fact, 62% of European enterprises operating in multicloud environments said they are looking to switch their data protection architecture because it “lacks features and innovation in new technologies and emerging needs.” Having state-of-the-art encryption capabilities in the cloud as well as complete control of the keys to ensure data protection and compliance are important to these organizations.

As cloud becomes a de facto operating model for mission-critical and modern workloads and as new technologies such as containers become mainstream, it is imperative to modernize security designs and solutions.

Figure: Top cloud data services challenges of today.

Adopting cloud for speed and agility without adapting security framework is a risky strategy

IDC research shows that 93% of organizations have been the target of malware attacks, including ransomware, in the past 12 months, with more than half of those suffering successful attacks and most experiencing multiple attacks. 54% of organizations have suffered an unrecoverable data event in the past three years. Especially in the current context, where most employees are working remotely and trying to access sensitive data, the threats are more significant and require more sophisticated threat and fraud detection.

Whilst innovation and speed of business are key parameters of digital transformation—and the digital importance is increasing day-by-day under current circumstances—IDC firmly believes that to succeed with digital transformation, enterprises must embrace “digital trust.”

IDC predicts that, with the business criticality of digital trust rising, 55% of European spending on security services will be devoted to developing, implementing, and maintaining a ‘trust framework’ by mid-2023.

European enterprises and regulators have a privacy-first and data protection-first approach to cloud adoption. The introduction of new privacy laws, such as the EU GDPR, have become game-changing regulations and brought consideration of storage, use, and protection of personal data front and center. These regulations aim to put privacy and personal data in the control of the consumers, making businesses reassess how they can comply with the new requirements whilst continuing business initiatives. Companies are forced to be more attentive to the security and privacy features in the cloud services.

When investing in cloud technologies, they are assessing how they can build a robust security framework with trust-by-design and security-by-design principles for digital transformation.

The dilemma

Organisations certainly need to comply with data protection regulations, but more importantly, they need to function as businesses and progress their data-driven initiatives to gain a competitive advantage. Security is both an inhibitor and a driver for cloud adoption. How enterprises navigate through the challenges determine their success.

Key security considerations in mitigating cloud risks

  • Shifting security left is a key investment priority related to the application development and deployment platform for 61% of European organizations that IDC surveyed.
  • Integrated data protection for data at rest and in transit are important along with non-disruptive protection of newer environments, such as DevOps environments where data is in use.
  • Data protection should cover modern container environments and enable rollbacks, modern database support, and isolation to facilitate accelerated application delivery.
  • A data protection solution for your cloud environment should offer data encryption, data access control, key management, and certification management. EU GDPR is not prescriptive regarding the technologies required to enable compliance. However, it recommends the implementation of encryption and pseudonymisation as approaches to protect sensitive data and manage risks.
  • Extensive security-related certifications to protect tampering against the Hardware Security Module in the cloud.
  • Another key consideration is data integrity—maintain the accuracy and consistency of the data to ensure that the business is confident about the insights derived from analytics.
  • Data access monitoring—a significant threat comes from internal sources, including disgruntled employees, dishonest employees looking for gain, or just careless employees exposing sensitive data. In fact, malicious insider threats are the third most cited concern, according to IDC. Monitoring data access and looking for anomalies in behaviour can help mitigate internal threat risks, regardless of where the data is located.

About 43% of European organisations are focusing their digital transformation efforts on data capitalisation and data monetisation to create new data-driven revenue streams.  But, in order to achieve this, they need to prioritise privacy and data security, compliance, and information governance as cornerstone initiatives.

IDC data source: “Why are Hybrid and Multicloud Data Services Challenges Intensifying This Year Compared With 2018?

Learn more about IBM public cloud

Listen to this joint IDC & IBM podcast series on public cloud:

Discover the benefits of IBM public cloud and build for free on IBM Cloud.

IDC data source: Why are Hybrid and Multicloud Data Services Challenges Intensifying This Year Compared With 2018?

Was this article helpful?
YesNo
Archana Venkatraman
Associate Research Director, IDC Europe
Barry Brown
Technical Sales Leader, IBM Public Cloud, Europe
Jonathan McCormick
Technical Lead, IBM Public Cloud, Europe

More from Cloud
April 26, 2024

Bigger isn’t always better: How hybrid AI pattern enables smaller language models

5 min read - As large language models (LLMs) have entered the common vernacular, people have discovered how to use apps that access them. Modern AI tools can generate, create, summarize, translate, classify and even converse. Tools in the generative AI domain allow us to generate responses to prompts after learning from existing artifacts. One area that has not seen much innovation is at the far edge and on constrained devices. We see some versions of AI apps running locally on mobile devices with…

April 8, 2024

IBM Tech Now: April 8, 2024

< 1 min read - ​Welcome IBM Tech Now, our video web series featuring the latest and greatest news and announcements in the world of technology. Make sure you subscribe to our YouTube channel to be notified every time a new IBM Tech Now video is published. IBM Tech Now: Episode 96 On this episode, we're covering the following topics: IBM Cloud Logs A collaboration with IBM watsonx.ai and Anaconda IBM offerings in the G2 Spring Reports Stay plugged in You can check out the…

April 4, 2024

The advantages and disadvantages of private cloud 

6 min read - The popularity of private cloud is growing, primarily driven by the need for greater data security. Across industries like education, retail and government, organizations are choosing private cloud settings to conduct business use cases involving workloads with sensitive information and to comply with data privacy and compliance needs. In a report from Technavio (link resides outside ibm.com), the private cloud services market size is estimated to grow at a CAGR of 26.71% between 2023 and 2028, and it is forecast to increase by…

IBM Newsletters

 Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters