Data Security Priorities for SMBs in 2017

Small- and medium-sized companies (SMBs) are as vulnerable to cyber threats and data breaches as large enterprises. According to a survey of SMBs conducted by Ponemon Institute, nearly 55% of respondents said that they experienced a cyber-attack, and at least 50% had a data breach in the past 12 months. It was also revealed that negligent employees, contractors and third parties caused most data breaches.[1]

Here are the key reasons why SMBs are becoming more vulnerable:

  • Security policy is not well defined.
  • The software and methods in place to prevent breaches are either obsolete or not capable of preventing data leakage.
  • Employees lack training.
  • Not enough budget is allotted to thwart the threat.
  • Security procedures are not strictly followed: passwords are weak or repeated, and encryption is missing in most cases.
  • BYOD policies are missing.
  • No protocol is defined for handling a leak, even though one could restrict the extent of data loss.
  • There are rarely dedicated IT personnel overseeing the security of the system. Thus, 24/7 observation is

For all of these reasons, the loss of sensitive data is often due to negligence of the company personnel. A lot can be averted if the following requirements are addressed in the security protocol.

These essential steps are recommended for SMBs to follow and implement in order to mitigate data breach threats.

  • Regular training sessions should be conducted for the employees. Users should be educated about cyber security and informed on how to deal with the sensitive information safely.
  • Password encryption should be a must. Implementation of two-factor authentication is an easy and affordable way to safeguard the cyber content.
  • Account management should be implemented. User-defined roles should dictate who gets what kind of access to the sensitive data. Authentication of the user and the device being used to access the information should be verified.
  • Clearly define the BYOD policies for employees so that intentional or deliberate loss of data can be mitigated.
  • Software used should be current, thus making it less vulnerable to cyber threats.
  • Policies around what data can be copied and how and where it can be duplicated should be laid out for the users.

As we step into 2017, SMBs should start gearing up to implement tailored protocols to defend against data breaches, particularly from insiders. Along with taking the steps mentioned above in stride, employees should be scrutinized for their behavior in the office. Even at the time of recruitment, proper background screening should be conducted. Getting the right kind of employees and following up with a robust plan for security will help mitigate the threat.


2016: Data Breach Statistics


The ITRC tracks seven categories of data loss methods: Insider Theft, Hacking, Data on the Move, Subcontractor/Third Party, Employee Error/Negligence, Accidental Web/Internet Exposure, and Physical Theft.

The ITRC tracks four types of compromised information: Social Security number, Credit/Debit Card number, Email/Password/User Name, and Protected Health Information (PHI).

Total records exposed only include records for which count is available.

So far, the year 2016 has witnessed 980 data breaches affecting more than 35 million records. The highest number of records breached has been in the Medical/Healthcare sector, at more than 15 million records, as per the report from the Identity Theft Resource Center.

Zecurion offers deeper insight into selected incidents caused either by accidental or intentional data breaches. With all such incidents, the common elements describing the impact of this growing problem are financial loss, compromised intellectual property and dwindling customer confidence. Let us see how some sectors have been impacted. The excerpts below only provide a glimpse of some of these incidents – the list goes on.


November 23, 2016 – The Navy reported that PII of 134,386 sailors was compromised from a contractor’s laptop. Hewlett Packard Enterprise Services, through which the contractor was hired, said that no information had been misused. However, it reported that data containing names and Social Security Numbers was accessed by an unknown number of people. The investigation is ongoing and will take a few weeks before identifying those affected and next steps.

Source: Navy Times

October 28, 2016 – A breach at the Office of the Comptroller of Currency resulted in leakage of sensitive information of more than 10,000 employees. It was found that a former employee had unintentionally downloaded the information. There is no evidence of any information being misused in any way. The incident was reported to Congress as required by law.

Source: Wall Street Journal


November 30, 2016 – Emblem Health has reported that its subsidiary company, Group Health Inc. (GHI), had an accidental breach wherein an unknown number of records were exposed. The disclosed information contained the Health Insurance Claim Number (HICN), which mirrors the Social Security Number. So far, there has been no report of any kind of misuse of leaked information. As a precaution, the affected members have been offered free professional identity monitoring service for 24 months, in addition to a 24-hour dedicated helpline and $1,000,000.00 in identity theft insurance through AllClear ID.

Source: California Attorney General


December 2, 2016 – San Jose Evergreen Community College District (SJECCD), California, reported that an employee accidentally uploaded a file containing the PII of an unknown number of students on the SJECCD website. The information could be accessed if search strings were run on the site. Once the mistake was discovered, the file was immediately removed from the server. Though there is no immediate report of any misuse, the management has offered complimentary one-year credit monitoring services of AllClear ID to affected students.

Source: California Attorney General

Ensuring Application Security in Mobile Environment

With concepts such as bring-your-own-device (BYOD) becoming almost indispensable in today’s business environments, employees have both official and personal data on their smartphones and other devices. Because many of these devices are not very secure, hackers are having a field day. Apart from this, the risks of inadvertent data loss have also greatly increased.

In a recent analysis of downloaded applications within organizations, IBM found that these apps had access to confidential business data.

Anyone using a smartphone is aware that downloaded applications require frequent OS updates. Frequent updates cause greater exposure and vulnerability for the phones, which means that they may get corrupted or lose precious, business-critical data. Additionally, because mobile apps can access security-critical servers, storage, and networking systems, these apps are vulnerable to external attacks in which hackers can intercept data and cause huge losses. In a recent case involving an Android application, a weakness was found that could put personal user information at risk, including not only phone numbers and location details but also account balances.

Because compromised applications may at times lead to irrevocable losses for organizations in terms of finances, brand loyalty, confidential customer information, and intellectual property, application-security testing teams need to be on their toes at all times. They need to think about how to implement a robust, automated, and scalable mobile-specific security management program that can eliminate the looming risks to enterprise data with ease and efficiency.

On a positive note, most organizations have data-loss prevention (DLP) policies in place for blocking devices as soon as they are reported lost. However, most organizations do not have a clue about the type of applications installed on their employees’ mobile phones, and this is a huge cause of concern. To ensure that only safe applications are installed on corporate-owned and corporate-controlled devices, organizations have moved toward implementing mobile application management solutions. Many organizations involved in the generation and management of critical data, such as data relating to finance and security, use advanced DLP measures to control logins and access to data on mobile devices.

What is needed to ensure that your organization has a robust risk management system in place for your applications?

To ensure that mobile applications are secure in all aspects, organizations must follow basic rules:

  • Perform stringent tests (perhaps utilizing a cloud-testing lab) for all application types (web, native, and hybrid), for all browsers, for iOS and Android (especially if it is open source), and for all software that might access the application once it is installed.
  • Perform continuous static and dynamic analyses; monitor applications to detect problems.
  • Perform checks for threats to the application due to weak encryption, client-side injection, and data storage.
  • Minimize and verify functionality and permissions, thus simplifying the code. In addition, conduct thorough data validation and perform end-to-end testing of the code to check for any shortfalls related to security.
  • Test the back end for any weaknesses in the emulators running the mobile applications.
  • Perform thorough testing (automated penetration, functional, performance, etc.) on the application for loopholes related to security and for any weaknesses related to viruses.
  • Avoid data storage and transmission where possible. If they are necessary, encrypt the data during the process.
  • Detect integrity violations using taint analysis.
  • Hard-code the applications so that no one can modify them externally.
  • Invest in an automated mobile-app security-testing tool that can perform security assessments and penetration testing for apps being built using agile methodology.

App developers must also make their apps third-party-friendly and easy to download. This will dissuade mobile users from wanting to jailbreak or root their mobile devices, which makes the devices vulnerable and renders the features related to OS security ineffective. App developers must be motivated and trained to build apps that have strong, built-in security controls to thwart any unwarranted breaches.

If organizations perform the above tests, follow strict app development guidelines, and implement robust frameworks for security testing, they will have done all that is required to keep the mobile applications—and, more importantly, the user data—secure. These measures, coupled with use of DLP, will effectively lead to implementation of stronger security practices.

How to Select the Right Encryption Solution

In today’s fast-moving and fast-changing world, coupled with the influx of smart devices and IoT, securing data and protecting it from falling into malicious hands has become extremely challenging, complex, and necessary. The workplace no longer adheres to a typical 9-to-5 routine. Technology has created the ability to work remotely from anywhere and at any time through laptops, tablets, smartphones, etc. The gates to breaches have thus significantly increased in number, resulting in greater need to use encryption, scaling to not just a computer but to the numerous smart devices that are constantly used to access data.

Ponemon Institute conducted a survey and came up with the most prominent drivers that propel industries to consider encryption as a defense against data breaches.

We saw in one of our previous blogs how the number of breach incidents has risen to staggering heights this year. IT experts collectively agree that encryption is the key solution to this humongous problem, but it has to be the right type of encryption for the industry. A thorough knowledge of the tools and technologies currently available in the market is very important before implementing any type of encryption. A customized encryption solution suited to the enterprise will not only protect against the loss of data but also save time and money. Now, what are the criteria for determining the type of encryption solution suitable for the enterprise? The following points will answer this question.

  1. Basic Requirements – A Must

The encryption solution should meet the following basic requirements:

  • Encryption should be automated, simple for end users to comply with, and provide non-disruptive protection.
  • There should be a robust access authentication of users, resulting in appropriate access to the data by authorized users only. The encryption should also have a provision for regular checks on user access control for validity.
  • It should be able to protect a wide array of smart devices across multiple platforms such as Windows, Mac, and Android. Most smart devices already offer some kind of base protection, but this might not be sufficient for big enterprises dealing with highly sensitive data.
  • The type of encryption will also depend on the type of data that has to be protected. This could be data in motion, data at rest, or data in use. The company might require full-disk encryption or just file encryption.
  • The need for managing the encryption keys must be assessed: can it be done by the IT department itself, or should the services of a vendor be considered?
  • The encryption implemented should scale as the enterprise expands. The growing demands of the company should not hamper the prevailing encryption or render it ineffective.
  • The encryption should be such that if the data were to fall into the hands of hackers, it would be incomprehensible and useless.

  2. Encryption Key – Vendor-managed or Customer-managed

Both a vendor-managed key scheme and a customer-managed key scheme use a pseudo-random encryption key generated by an algorithm. An unauthorized interceptor cannot access the data without this key. A customer-managed key (CMK) empowers the customer completely: it makes the physical location of the files less relevant, since no party can decrypt the data once the customer has chosen to withdraw access to the encryption keys.
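The customer-managed key property described above, as an added example (not Zecurion's or any vendor's code): each record is encrypted under its own data key, and that data key is wrapped by a key only the customer holds, so withdrawing the customer key leaves the stored ciphertext unreadable wherever it sits. The function names, the record id and the choice of AES-256-GCM envelope encryption are assumptions; the page does not specify a construction.

```javascript
const crypto = require('crypto');

// AES-256-GCM helpers. `aad` binds a ciphertext to its context (a record id).
function seal(key, plaintext, aad = Buffer.alloc(0)) {
  const iv = crypto.randomBytes(12);            // fresh nonce per encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(aad);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

function unseal(key, { iv, ct, tag }, aad = Buffer.alloc(0)) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAAD(aad);
  decipher.setAuthTag(tag);
  // final() throws if the key, ciphertext, tag or aad does not match.
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}

// Customer side: hypothetical stand-in for a customer-run key server or HSM.
// The key-encryption key (KEK) never leaves this closure.
function createCustomerKeyService() {
  const kek = crypto.randomBytes(32);           // 256-bit pseudo-random key
  let revoked = false;
  const requireActive = () => {
    if (revoked) throw new Error('key access withdrawn by customer');
  };
  return {
    wrap(dek) { requireActive(); return seal(kek, dek); },
    unwrap(wrapped) { requireActive(); return unseal(kek, wrapped); },
    revoke() { revoked = true; kek.fill(0); },  // withdraw access, erase KEK
  };
}

// Storage side: keeps only ciphertext plus the wrapped data key (DEK).
function storeRecord(keyService, recordId, plaintext) {
  const dek = crypto.randomBytes(32);           // per-record data key
  const body = seal(dek, Buffer.from(plaintext, 'utf8'), Buffer.from(recordId));
  const wrappedDek = keyService.wrap(dek);
  dek.fill(0);                                  // plaintext DEK is not retained
  return { recordId, body, wrappedDek };
}

function readRecord(keyService, stored) {
  const dek = keyService.unwrap(stored.wrappedDek);  // needs the customer's key
  try {
    return unseal(dek, stored.body, Buffer.from(stored.recordId)).toString('utf8');
  } finally {
    dek.fill(0);
  }
}

// Constructed sample record (not real data).
function demo() {
  const customerKeys = createCustomerKeyService();
  const stored = storeRecord(customerKeys, 'emp-0001',
                             'name=Jane Example; ssn=000-00-0000');
  const before = readRecord(customerKeys, stored);
  customerKeys.revoke();
  let after;
  try {
    after = readRecord(customerKeys, stored);
  } catch (err) {
    after = `unreadable: ${err.message}`;
  }
  return { before, after, leaksPlaintext: stored.body.ct.includes('Jane') };
}

console.log(demo());
```

With a vendor-managed key the same code applies, but the key service runs on the vendor's side, so the customer cannot enforce `revoke()` on its own.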

  3. Key Management

Managing the keys is another important aspect in encryption. Depending on how big the organization is, there could be a large number of keys that need to be managed uniformly and tracked constantly. Towards this, Zecurion Zserver secures and protects confidential information at the processing and storage level on corporate servers. The Zserver Enterprise Key Management Server (EKMS) minimizes administrative overhead for encryption by generating, storing, managing, and automatically loading encryption keys across the enterprise.

According to a report by CSC, “While individuals are responsible for most data creation (70 percent), 80 percent of all data is stored by enterprises.” Encryption may not be the silver bullet to thwart data breaches completely, but is a necessary step towards mitigating the accidental or deliberate loss of critical and sensitive data. Enterprises, both small and large, should make it a mandatory requirement and implement encryption company-wide.

Mobility and Security Go Hand-in-Hand

“By the end of 2017, market demand for mobile app development services will grow at least five times faster than internal IT.” – Gartner

The reason for Gartner’s prediction of a fast growing industry is that more and more organizations across multiple sectors are adopting the bring-your-own-device (BYOD) culture. With most functionalities going digital, many employees have started to use their mobile devices not only for communicating with their peers but also for storing and accessing business-critical data on and off company premises. While this has added a lot of ease and reduced time to respond, it has invariably led to a laundry list of issues, especially regarding security.

The Vulnerabilities

While organizations are worried sick about hackers stealing critical data, they have come to realize that often the enemy lies within. Employees who can access business data over their smart devices may—knowingly or unknowingly—share critical data with competitors or simply lose their devices that may have accessible data. Such data in the wrong hands may prove to be very costly.

These problems have made employers lose sleep, worrying and fretting about the safety of their data. Even though these problems may be resolved by a seamless implementation and integration of a robust security system with firewalls and servers that allow communication via mobile devices, there are still many security threats that loom large.

Banking and financial sectors, along with organizations dealing with security, need to be the most careful about such events, and must try to curtail losses ASAP. As per SafeNet’s Breach Level Index, “…not all breaches are reported and many, especially those involving insiders, may go unnoticed or take a long time to be discovered.” Furthermore, regardless of the number of incidents, SafeNet’s report claims that insiders account for more than half of the actual information lost.

The longer it takes to realize that crucial data has been compromised due to an internal threat, the more severe the losses will be, whether monetary or related to loss of reputation. Both could eventually lead to loss of a customer base.

When it comes to insiders, “ignorant users” are known to be the biggest threat. However, almost 70% of IP thefts are committed by disgruntled, grudge-bearing employees or by employees who are looking for monetary gain. Email is another common method by which employees can steal data. With all the company data now available on their smartphones, these employees pose a huge security concern. With the explosion of social media (Twitter, Facebook, Instagram, and every other new information-sharing app) and its heightened accessibility to almost all employees, it is very difficult to control what critical information is being made public.

Apart from this, a lot of organizations are shifting toward storing (sometimes critical) data online using cloud-based platforms. In case such data is breached and is made public, it may result in enormous losses.

With organizations allowing external hard-disks and USB access to employees, this may in fact turn out to be the easiest means of data theft in the electronic format unless it is controlled and supervised. Coming to the more physical aspect of data theft, unsupervised printouts seem to be an obvious choice.

What Is Needed?

Mobile DLP helps prevent data leakage from mobile devices and safeguards unencrypted information. It acts as a gatekeeper that protects confidential information from compromise and unauthorized access by routing the traffic through a corporate virtual private network (VPN) server.

Mobile DLP also allows access restriction for applications. The solution can help enforce restrictions on the use of select applications by blacklisting them, or allow specific applications for users by whitelisting them based on business requirements and approvals.

Further, mobile devices connected to the corporate network can be monitored for voice chat activities through control of HTTP/HTTPS, and all outgoing text and multimedia messages can be logged to prevent data leakage. DLP solutions act like control centers for sensitive data, user profiles and device information.

With enhanced security and business flexibility, Mobile DLP offers the perfect combination required for securing data on mobile devices. Protecting the 3Cs—content, credentials, and configurations—is an essential element of any data security strategy and Mobile DLP helps address all the possible channels for vulnerabilities.
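The outgoing-message check described above, as an added example (not Zecurion's product code): it scans outbound text for two of the data types the ITRC tracks, Social Security and card numbers, decides whether to allow, log or block, and writes only masked values to the log so the log does not become a second copy of the data. The domain `corp.example`, the three-way policy and the sample messages are assumptions constructed for the illustration.

```javascript
// Assumed internal mail domain; any other recipient counts as external.
const INTERNAL_DOMAIN = 'corp.example';

// Luhn checksum: rejects most digit runs that are not payment card numbers.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

// SSNs are never issued with area 000, 666 or 900-999, group 00, or serial 0000.
function ssnPlausible(area, group, serial) {
  return area !== '000' && area !== '666' && area[0] !== '9' &&
         group !== '00' && serial !== '0000';
}

// Returns findings with masked values only; raw matches are never kept.
function findSensitive(text) {
  const hits = [];
  for (const m of text.matchAll(/\b(\d{3})-(\d{2})-(\d{4})\b/g)) {
    if (ssnPlausible(m[1], m[2], m[3])) {
      hits.push({ type: 'SSN', masked: `***-**-${m[3]}` });
    }
  }
  // 13 to 19 digits, optionally grouped with spaces or hyphens.
  for (const m of text.matchAll(/\b\d(?:[ -]?\d){12,18}\b/g)) {
    const digits = m[0].replace(/[ -]/g, '');
    if (luhnValid(digits)) {
      hits.push({ type: 'CARD',
                  masked: '*'.repeat(digits.length - 4) + digits.slice(-4) });
    }
  }
  return hits;
}

// Policy: sensitive data to an external recipient is blocked; sensitive data
// that stays internal is logged; everything else is allowed.
function evaluateOutbound(msg) {
  const hits = findSensitive(`${msg.subject}\n${msg.body}`);
  const external = msg.to.filter(
    (addr) => !addr.toLowerCase().endsWith(`@${INTERNAL_DOMAIN}`));
  let action = 'allow';
  if (hits.length > 0) action = external.length > 0 ? 'block' : 'log';
  return { action, sender: msg.from, external, hits };
}

// Constructed sample messages (not real data).
const SAMPLE_MESSAGES = [
  { from: 'leaver@corp.example', to: ['leaver.home@mail.example'],
    subject: 'account list',
    body: 'J. Doe 219-09-9999, card 4111 1111 1111 1111' },
  { from: 'hr@corp.example', to: ['payroll@corp.example'],
    subject: 'onboarding', body: 'New hire SSN: 219-09-9999' },
  { from: 'sales@corp.example', to: ['buyer@customer.example'],
    subject: 'order', body: 'Order 1234567890123456, ref 000-12-3456' },
];

function runDemo() {
  return SAMPLE_MESSAGES.map(evaluateOutbound);
}

console.log(JSON.stringify(runDemo(), null, 2));
```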

Is the Hospitality Industry in Danger?

Back in 2005, Meyers and Mills said that using biometric technologies could improve hotel security and enhance the ability to recognize criminal activities. Fast forward to 2016 and we are seeing that the hospitality sector has become easy prey for cyber criminals.

The leap in technology has made it easy for the hospitality industry to gather a lot of personal data about customers that has helped them increase sales and profit margins. A recent report by Sabre Hospitality Solutions confirms that the proper use of Big Data generated can give a ‘definitive market edge’ to hoteliers.

It’s Green for the Hackers!

This has also made it easy for hackers to commit financial crimes at a larger scale. While hackers attack smaller enterprises as they usually have systems that can be easily breached, they hack into bigger franchises for gaining access to a global database. Especially for the hospitality sector, this is due to day-to-day operations of the industry involving online reservations, card-based transactions, and rewards programs. This generates a humongous database of user data that, if exposed to the wrong hands, will create havoc in personal and financial lives.

Criminals across the globe try to hack into hotel networks to steal credit card details of guests. In essence, they are trying to target thousands of cardholders together. Not only may hotels have vulnerable systems, they may also detect a breach only long after it has occurred. The average time, as per Trustwave SpiderLabs, is 173.5 days.

Cybercrime is a huge risk that hotels must deal with on a regular basis. Social engineering attacks such as phishing and Advanced Persistent Threats (APTs) are the most dangerous types of cyber-attacks as they can bypass the current security setup. Hotel Wi-Fi networks therefore need to be secure, with built-in wireless intrusion prevention and detection for enhanced security.

Consider this: As per the 2015 Trustwave Global Security Report, the global hospitality industry now sits at the top of the three industries most frequently targeted by hackers.

The Challenge

This challenge of data security and safety also increases the liability of the hospitality industry as any security breach may lead to heavy financial losses (legal), loss of brand and reputation, and also loss of customer loyalty. This will lead to financial instability and failure in the long run.

Repercussions of a Security Breach

Hotels have to pay through the nose if there’s a breach of private data. The costs usually cover legal processing, fines, penalties, forensic investigation expenses, credit monitoring, business interruption losses, and hiring PR professionals to help control damage and save reputation. Additional costs are incurred in recovering lost data and fixing the actual cause of the breach.

Several organizations that analyse security and data breach trends cite hospitality as the ‘single most vulnerable industry’. Thus, IT leaders in hospitality are making data security their number one priority.

There are Ways to Stop This Loss

Most states today have privacy laws that require notifications to be issued if anyone’s personal or financial information is compromised, lost, or stolen. In addition, there are multiple practices that support data loss prevention (DLP), such as the Payment Card Industry Data Security Standard (PCI DSS), which ensures ‘that all companies that process, store, or transmit credit card information maintain a secure environment’. Practices such as PCI DSS, if implemented properly, can help control a lot of such incidents.

Hotels of any size must secure their network to protect hotel operations and guests’ data. They must also annually review their information technology to proactively respond to threats. To save themselves from the fate that even the likes of Hilton, Marriott, Mandarin Oriental etc. could not avoid, hotels need to employ the best security experts that can suggest digital encryption strategies about point of sale (POS) terminals, data servers and internal networks.

2016: Data Breach Statistics, Year until 10/19/2016

Zecurion offers deeper insight into selected incidents caused either by accidental or intentional data breaches. With all such incidents, the common elements describing the impact of this growing problem are financial loss, compromised intellectual property and dwindling customer confidence. Let us see how some sectors have been impacted as of October 2016. The excerpts below only provide a glimpse of some of these incidents – the list goes on.


August 26, 2016 – County of Sacramento, California, issued a statement that an unknown number of records with personal data were exposed due to an error in the online automated application for Emergency Medical Service license. The information included the name, address, social security number, driver’s license, phone number, and date of birth of the applicants. Although there has been no report of misuse of PII, the county offered one-year credit monitoring services of Experian to the affected people as a precaution.

Source: California Attorney General


September 26, 2016 – One worker at Yale-New Haven Hospital and her friend were arrested for illegally procuring classified personal information of at least 20 near-death patients and using the stolen data to obtain credit cards and become beneficiaries of their insurance policies, among other planned crimes. This had been going on for two years before they were caught. A year’s credit monitoring has been offered to the victims.

Source: Media: News 3

August 12, 2016 – Bon Secours Health System disclosed that R-C Healthcare Management, a third-party vendor managing their Medicare and Medicaid reimbursement, accidentally left patients’ files accessible over the internet while updating network settings. About 665,000 records containing patient name, health insurer’s name, health insurance identification number, social security number and some health information were exposed to the general public. A forensic investigator was hired to correctly identify the people affected by this breach, who were then informed about the incident. 435,000 were from Virginia and the rest were from Kentucky and South Carolina. No misuse of the exposed data has been reported so far.

Source: Media:


September 22, 2016 – Premier America Credit Union, California, reported that a departing employee sent an account list containing name, address and maybe social security and/or employer identification number to his personal email address, most likely for future solicitation purposes. The employee was reminded of his obligations and company regulations and advised not to use any of this information for any purpose. The management further offered complimentary one-year credit monitoring services of Experian to the victims.

Source: California Attorney General

August 8, 2016 – 7-Eleven reported that in June 2016, during a regular maintenance cycle, some of the franchisees received the records of employees other than their own franchisee’s employees. The exposed information contained name, address, phone number and social security number of 7,820 employees. The correction was completed within 5 days. 7-Eleven offered 12 months of First Watch Technologies’ professional identity monitoring service to the victims in addition to $1,000,000.00 in identity theft insurance with no deductible.

Source: California Attorney General

Keep Sensitive Data Secure on a Tight Budget

As more services move towards the cloud, it is important to establish network security so as to ensure secure data transfer. Similarly, businesses that manage critical personal data need to maintain airtight security policies and procedures. Not having such policies in place may lead to security breaches or expensive client lawsuits. According to a 2016 report from the Ponemon Institute, almost 50 percent of small organizations that were surveyed experienced a data breach in the previous year. Research by Symantec found that almost 43 percent of cyber-attacks in 2015 were targeted towards small businesses, up from 18 percent in 2011.

Small businesses make for an enticing target as they usually do not have the necessary security controls in place to secure their financial data from internal as well as external threats. Here are some low budget tips that can help small businesses keep their financial data safe.

  • Install proper network and workstation controls such as a properly configured firewall, anti-virus software, and updated patches for all hardware and software. Criminals usually try to exploit sensitive data such as Personally Identifiable Information (PII), business trade secrets, financial data and other critical company information. Organizations must have restrictions in place so that only the smallest possible number of employees have access to sensitive information, especially financial or security-related information. Strict compliance must be ensured, and employees must be trained and kept updated about it. This will help reduce incidents of data loss/theft. Access to all storage, computing and online-based media like servers and databases must be restricted to only a few trusted employees.
  • Establish a culture of security by training and informing employees about the risk that accessing unsafe websites while at work may result in major breaches. Companies may also resort to blocking access to certain sites for security reasons.
  • Conduct periodic testing to keep a check on vulnerabilities. The frequency of testing must depend on functional criticality and size of the company. With smartphones being used as devices for transfer of data, companies must ensure that these devices also fall under the purview of DLP policies and practices. Mobile devices must have anti-virus software installed and be up-to-date.
  • Get finance teams/CTOs involved to understand the risks involved and get a holistic view of what can be done to mitigate these risks at the base level – without incurring too much cost.
  • Implement two-factor authentication along with strong password policy. Two-factor authentication requires use of a password plus a code or a biometric marker to access data. The additional layer of security makes access to sensitive data more difficult.
  • Set aside a small budget specifically for continuous monitoring of security-related loopholes to help ward off any attacks and threats. If utilizing the services of third-party vendors for securely managing data, have a Service Level Agreement (SLA) which details security expectations and gives the right to thoroughly audit the vendor to confirm and ensure compliance with policies.

In essence, by just implementing and following certain basic tenets of security, most organizations can secure their sensitive data with bare minimum costs.

Is Cloud Storage Right for Your Business?

Storing data locally in your own data center has a number of limitations. Storage capacity and redundancy are limited by the server and drive space available in the data center. Increasing capacity to meet demand is costly and time-consuming. If demand falls off, you are left with wasted capacity sitting idle.

In the event of a hardware failure or power outage in the data center, your data will be unavailable, and could possibly end up corrupted or permanently damaged. In the event of a catastrophe, any backup data stored locally could be wiped out along with the production data, which would be devastating for most companies.

Benefits vary from vendor to vendor and depend on the service level you negotiate, but here are some of the primary benefits of storing data in the cloud:

  • Scalability―Cloud computing allows you to quickly and easily scale capacity, either increasing or decreasing available storage space to meet current demands. That means you will be able to handle unexpected spikes in capacity needs without having to over-invest in hardware that will spend most of the time idle.
  • Redundancy―Cloud storage providers generally provide multiple sites that are geographically separate, but with mirrored copies of all data. Hardware failures, power outages, or natural disasters affecting a site will be transparent to you because your data will still be accessible from the alternate sites.
  • Hardware Upgrades―Hardware changes so rapidly that your data center investment can be bordering on obsolescence when you have barely implemented it. A third-party vendor dedicated to providing hosted online storage will invest in hardware and infrastructure upgrades over time so you get the benefit of newer technology without having to constantly re-invest in new hardware.
  • Disaster Recovery/ Business Continuity―Storing data in the cloud also means that it is being stored offsite. In the event of a catastrophe or natural disaster impacting the local office, the data itself will still be protected and available online. Business will be able to continue almost seamlessly from alternate locations, and the data will be immediately available once normal operations resume at the primary office facility.
  • Cost―Considering what you get, scalable, redundant storage that also doubles as a disaster recovery and business continuity solution, the cost of cloud storage is typically quite reasonable. Consider as well that by engaging a third-party host for your data, you don’t have to hire personnel to manage data storage in-house, with their associated salaries and benefits. With the economies of scale offered by a cloud storage provider, adding additional space is a fraction of the investment that would be required for new hardware, and the power and cooling necessary to accomplish the same thing in an internal data center.

Leveraging cloud data storage provides a scalable, reliable, cost-effective storage solution. While there are multiple benefits, the type of cloud storage solution that works best for your company is based on your own specific needs.

Why is On-Demand Cloud Security Gaining Momentum?


Demand for cloud computing is high

Cloud computing today is the new normal. The need for cloud services is evidenced and accelerated by the growing number of organizations that are adopting cloud-based applications for communications, collaboration, business processing and storage. The case for this need is only strengthened by business drivers (cloud-driven innovation, user satisfaction, etc.) and technology drivers (agility, scalability, and costs).

Resistance to cloud adoption is gradually waning

In the recent past, organizations have not been entirely comfortable with switching over to cloud computing. A big concern was (and to an extent, still is) the lack of faith in the provision of security in the cloud. Naturally, this means that organizations are not sure if data stored in the cloud is safe from incidents such as hacking and data theft. Add to this the proliferation of bring-your-own-device (BYOD) at work, and the level of risk and concern shoots through the roof. A survey by HyTrust found that more than 45% of organizations identify security as a top concern when deploying cloud infrastructure.[1]

Organizations have, however, found a middle path through the emergence of the hybrid model. The model allows organizations to leverage the benefits of cloud computing while retaining critical applications in their own data centres. On this front, a positive finding from the HyTrust survey is that nearly 70% of respondents believe that data breaches and other security risks are becoming less of an obstacle to cloud deployment.[2]

The shift to an on-demand cloud security model

Traditionally, organizations have deployed on-premise security controls to maintain greater control and flexibility over access and usage of data and applications. With confidence around cloud deployments growing, organizations are now extending security controls across the traditional on-premise model to an on-demand model. The drivers are the same as for any other cloud application―scalability, flexibility and cost.

The on-demand model brings in a lot more flexibility, enabling organizations to deploy security agents based on usage. The benefits are immediate as the service can be deployed quickly. This allows organizations to scale their security as per business needs, without adding to costly administrative resources.

While some security controls are made available by cloud service providers, it becomes complicated and costly for organizations to keep track of a plethora of cloud workloads. Here, the provision of an on-demand service that gives clear visibility on all instances streamlines security and greatly enhances operational efficiency.

As business threats are growing and getting complicated, organizations are realizing the benefits that the on-demand cloud security model can bring. While its adoption is yet to accelerate, the time is right to pause and think prudently: are you ready to do everything yourself, or do you want to focus on your core business and deploy a managed service that takes care of all your vulnerabilities as well as compliance? It is time to act now.


[2] Ibid.