As we move into 2018, one reality is becoming inescapable: you are a data company. Whether your core business is finance, healthcare, oil and gas, or retail, the importance of data cannot be overstated. This is perhaps best demonstrated by the cost of a data breach due to cyber attack: According to the 2017 Ponemon Cost of Data Breach Report, the average cost of a data breach is $3.26 million, and the average value of each stolen record is $141.
This is to say nothing of the cost of brand damage and public scandal. Equifax knows this all to well: Beginning in May, the credit reporting agency experienced a three-month long cloud breach that resulted in 209,000 stolen credit card numbers and personally identifying information for 182,000 people being leaked.
Another key indicator of the importance of data is the rise of cloud adoption. The cloud offers data and IT scalability that is difficult-to-impossible for companies to achieve with legacy on-premises solutions alone. It’s no surprise that, by mid-2018, companies are expected to commit 80% of their IT budgets to cloud apps and solutions.
Traditionally, cloud and security have been at odds. But in 2017, is security still problematic for potential cloud adopters?
Companies Still Don’t Trust the Public Cloud
While confidence in the public cloud is on the rise, companies are still listing security as a primary deterrent to migrating their data to the cloud:
- According to the RightScale 2017 State of the Cloud Report, security is cited as the number one challenge for companies looking to begin their journey to the cloud.
- The Building Trust in a Cloudy Sky: The State of Cloud Adoption and Security report found that 49% of businesses are delaying cloud deployment due to a cyber security skills gap.
- The same report found that only 23% of organizations today completely trust public clouds to keep their data secure.
For most IT professionals, these numbers are likely unsurprising. And just a few short years ago, they would have been justified. However, times have changed, and so has security in the public cloud.
The Reality of Security in the Cloud is Better than You Think
The statistics outlined so far have not gone unnoticed by public cloud providers. As 2017 draws to a close, organizations are finally seeing public cloud security capabilities catch up to data security requirements.
Take Azure, for example. Microsoft Azure offers the highest level of encryption methods, protocols, and algorithms to ensure data is protected both in transit and at rest. This includes the use of Transport Layer Security/Secure Sockets Layer (TLS/SSL) to encrypt communications.
Azure also uses Advanced Encryption Standard (AES)-256. AES is FIPS (Federal Information Processing Standard) certified. AES security is strong enough to be considered military-grade encryption. Currently, classified government information at the SECRET level requires a minimum AES algorithm key length of 128, while TOP SECRET information requires either the 192 or 256 key lengths.
Microsoft also offers robust identity and access management tools. These include multi-factor authentication, role-based access control, and integrated identity management that enables security over cross-platform single sign-on systems.
Security precautions such as the above enable Microsoft to provide compliance guarantees for dozens of industry-specific regulations. Consequently, a shift is beginning to occur: top-performing cloud companies are starting to see the public cloud as a security asset rather than a security liability. With decades of experience and billions of dollars funneled into security innovation, companies like Microsoft can provide a level of security that is impossible for most businesses to match.
If there’s a catch, it’s that managing security in the cloud takes a particular skill set that many companies lack. For this reason, managed service providers are stepping up to bridge the knowledge gap. Contact Hanu today to find out how you can maximize your security in the public cloud.