Nowadays, cloud services—especially public cloud services—are the launchpad for innovation.
With legacy applications now beginning their cloud-migration journeys, cloud security and data protection response are becoming more complicated.
In fact, 62% of European enterprises operating in multicloud environments said they are looking to switch their data protection architecture because it "lacks features and innovation in new technologies and emerging needs." Having state-of-the-art encryption capabilities in the cloud as well as complete control of the keys to ensure data protection and compliance are important to these organizations.
As cloud becomes a de facto operating model for mission-critical and modern workloads and as new technologies such as containers become mainstream, it is imperative to modernize security designs and solutions.
Adopting cloud for speed and agility without adapting the security framework is a risky strategy
IDC research shows that 93% of organizations have been the target of malware attacks, including ransomware, in the past 12 months, with more than half of those suffering successful attacks and most experiencing multiple attacks. 54% of organizations have suffered an unrecoverable data event in the past three years. Especially in the current context, where most employees are working remotely and trying to access sensitive data, the threats are more significant and require more sophisticated threat and fraud detection.
Whilst innovation and speed of business are key parameters of digital transformation—and the digital importance is increasing day-by-day under current circumstances—IDC firmly believes that to succeed with digital transformation, enterprises must embrace "digital trust."
IDC predicts that, with the business criticality of digital trust rising, 55% of European spending on security services will be devoted to developing, implementing, and maintaining a ‘trust framework’ by mid-2023.
European enterprises and regulators have a privacy-first and data protection-first approach to cloud adoption. New privacy laws, such as the EU GDPR, have become game-changing regulations and brought consideration of the storage, use, and protection of personal data front and center. These regulations aim to put privacy and personal data in the control of consumers, making businesses reassess how they can comply with the new requirements whilst continuing business initiatives. Companies are forced to be more attentive to the security and privacy features in cloud services.
When investing in cloud technologies, they are assessing how they can build a robust security framework with trust-by-design and security-by-design principles for digital transformation.
Organisations certainly need to comply with data protection regulations, but more importantly, they need to function as businesses and progress their data-driven initiatives to gain a competitive advantage. Security is both an inhibitor and a driver for cloud adoption. How enterprises navigate through the challenges determines their success.
Key security considerations in mitigating cloud risks
- Shifting security left is a key investment priority related to the application development and deployment platform for 61% of European organizations that IDC surveyed.
- Integrated data protection for data at rest and in transit is important, along with non-disruptive protection of newer environments, such as DevOps environments where data is in use.
- Data protection should cover modern container environments and enable rollbacks, modern database support, and isolation to facilitate accelerated application delivery.
- A data protection solution for your cloud environment should offer data encryption, data access control, key management, and certification management. EU GDPR is not prescriptive regarding the technologies required to enable compliance. However, it recommends the implementation of encryption and pseudonymisation as approaches to protect sensitive data and manage risks.
- Extensive security-related certifications to protect the Hardware Security Module in the cloud against tampering.
- Another key consideration is data integrity—maintaining the accuracy and consistency of the data to ensure that the business is confident about the insights derived from analytics.
- Data access monitoring—a significant threat comes from internal sources, including disgruntled employees, dishonest employees looking for gain, or just careless employees exposing sensitive data. In fact, malicious insider threats are the third most cited concern, according to IDC. Monitoring data access and looking for anomalies in behaviour can help mitigate internal threat risks, regardless of where the data is located.
About 43% of European organisations are focusing their digital transformation efforts on data capitalisation and data monetisation to create new data-driven revenue streams. But, in order to achieve this, they need to prioritise privacy and data security, compliance, and information governance as cornerstone initiatives.
Listen to this joint IDC & IBM podcast series on public cloud:
- Episode 1: Running mission critical workloads on cloud
- Episode 2: The shift to cloud native application delivery platforms
- Episode 3: Building a robust hybrid and multicloud foundation