January 22, 2020 By IBM Cloud Team 3 min read

While organizations continue to move more mission critical applications and workloads to the cloud, security remains a top concern for IT, cybersecurity, and business decision-makers.

According to the 2019 Cloud Security Report, 93% of cybersecurity professionals are either extremely or moderately concerned about cloud security. Nearly 30% said they experienced a public cloud-related incident in the last 12 months. Top security issues are data loss, data privacy, compliance, accidental exposure of credentials, and data sovereignty.

The level of concern about cloud security is not surprising. With more applications and data moving to the cloud, the impact of a security breach can be devastating. The average cost of a data breach is now $3.92 million, per the 2019 Cost of a Data Breach Report by the Ponemon Institute.

The good news, however, is there are ways to mitigate the impact of a breach, either pre-emptively or after a breach occurs. Foremost among these, according to Ponemon, is “extensive use of encryption.” Other key mitigating factors include data loss prevention, threat intelligence sharing, and business continuity management.

As an IT decision-maker, what can you do to mitigate both the risk and the concern about a cloud security breach?

First, you have to recognize and acknowledge that any time you are using public cloud, you are using a shared responsibility model—this means that you are responsible for security to and from the cloud and the cloud provider is responsible for security within its cloud infrastructure.  

Second, you should choose a cloud provider that offers the highest levels of protection and expertise—particularly in areas that have a significant effect in reducing risk, such as encryption, access control, monitoring and visibility, along with data sovereignty and other compliance requirements.

Third, you should use a public cloud platform that is tightly integrated with your on-premises virtualized environment, specifically VMware. With tight integration, you can run VMware workloads in the cloud with a high uptime availability at the virtual machine (VM) level while leveraging innovations such as stretched clusters to reduce risk and improve availability of mission critical applications.

Five important security factors

With those three considerations in mind, here are five additional important security factors to consider in choosing a public cloud provider:

  1. Encryption: As noted, encryption is the number one factor in preventing and mitigating the impact of a breach. Ask if your public cloud vendor offers a FIPS 140-2 Level certified Hardware Security Model. This is important because Level 4 certification provides industry-leading protection against tampering. Additionally, you can access functionality so that no one—including cloud administrators—has access to encryption keys at any point.
  2. Role-based access control: With role-based access control, you can decrease the risk of breaches and data leakage by reducing and managing access to sensitive information. You can guarantee that only authorized users are given access to what they need to do their jobs. You also enhance compliance by more effectively managing how data is accessed and used.
  3. Data sovereignty: As described by TechTarget, “Verifying that data exists only at allowed locations can be difficult. It requires the cloud customer to trust that their cloud provider is completely honest and open about where their servers are hosted and adhere strictly to several level agreements (SLAs).” Make sure your cloud provider has data centers all around the globe and can comply with data sovereignty regulations by geo-fencing workloads running on trusted servers.
  4. Compliance: Data sovereignty and compliance go hand-in-hand, particularly as more and more enterprises are conducting business globally and local governments and agencies have strict compliance requirements for doing business, such as General Data Protection Regulation (GDPR) in the European Union. In public cloud, you want to be able to enforce compliance requirements with continuous monitoring and alerting against policy-based templates for audit readiness.
  5. Business continuity: Backup and disaster recovery are vital use cases when it comes to public cloud, but you must also make sure that your provider supports high availability capabilities to ensure the integrity of backup and DR sites when recovering from cyberattacks. Make sure to ask your cloud provider about recovery time objectives and recovery point objectives, as well as capabilities such as stretched vSAN clusters for your VMware solutions in hybrid and public cloud.

Mitigate risk by choosing the right public cloud provider

Perhaps it is inevitable that business and IT leaders will have concerns about cloud security. The idea of trusting your mission critical data and applications to another company can be somewhat daunting.

Today’s reality, however, is that you can mitigate risk—and concern—by choosing a public cloud provider that is focused on security leadership and trust, offering enterprise grade protections in key areas such as encryption, control, compliance, data sovereignty, and business continuity.

Learn more about IBM’s security leadership and how to most securely migrate your mission critical VMware workloads to IBM Cloud.   

Was this article helpful?
YesNo

More from Cloud

Think inside the box: Container use cases, examples and applications

5 min read - Container management has come a long way. For decades, managing containerized environments was a relatively simple affair. The modern idea of a computer container originally appeared back in the 1970s, with the concept first being used to help define application code on Unix systems. Modern containerization technology has moved on steadily from those early beginnings, and when companies run containers now, they’re getting a lot more utility for their investment. From small startups to large, established businesses, container frameworks have…

IBM Tech Now: February 26, 2024

< 1 min read - ​Welcome IBM Tech Now, our video web series featuring the latest and greatest news and announcements in the world of technology. Make sure you subscribe to our YouTube channel to be notified every time a new IBM Tech Now video is published. IBM Tech Now: Episode 92 On this episode, we're covering the following topics: IBM watsonx Orders EDGE3 + watsonx G2 Best of Software Awards Stay plugged in You can check out the IBM Blog Announcements for a full…

IBM Cloud delivers enterprise sovereign cloud capabilities

5 min read - As we see enterprises increasingly face geographic requirements around sovereignty, IBM Cloud® is committed to helping clients navigate beyond the complexity so they can drive true transformation with innovative hybrid cloud technologies. We believe this is particularly important with the rise of generative AI. While AI can undoubtedly offer a competitive edge to organizations that effectively leverage its capabilities, we have seen unique concerns from industry to industry and region to region that must be considered—particularly around data. We strongly…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters