Digital businesses cannot afford to have unauthorised data access in the cloud, nor have their cloud services provider unexpectedly shut down shop. As a corollary, end-users are advised to engage with economically-stable and well-entrenched cloud services providers
At the start of this decade, many regional IT managers expressed concern whether their organisations would ever embrace cloud as a platform or not. They mused that cloud is perhaps suitable for very specific workloads, but they would never migrate their mission-critical workloads to an external platform.
As we move into the next decade, much of the regional mindset has changed to embrace cloud as a business-enabling platform, while keeping mission-critical workloads on a private cloud or even a hybrid cloud platform.
Sheer cost and agility advantages of the public cloud platform is driving regional IT spending into this area at a double-digit growth rate. Requirements of in-country data regulations and compliance is attracting large cloud providers to invest locally. And such players are increasingly investing inside the region and in countries like the UAE and Saudi Arabia, in a relatively steady but consistent manner. According to global research and consulting firm Gartner, the number of managed cloud services providers is predicted to triple by 2020.
So, all seems to be well-established for the rapid movement forward into the realm of widespread cloud adoption and migration. But global risk and cyber security executives continue to remain concerned about relatively-weak security controls and policies that exist across emerging cloud data platforms in general. According to Gartner’s latest ‘Emerging Risks Report and Monitor’ survey, majority of risk executives reported being most concerned about the probability and impact of potential data risks associated with cloud computing.
While adoption and migration of the cloud deliver immediate capex and opex benefits, and bring agility into the organisation, IT and cyber security managers must balance the speed of adoption with increasing levels of control and compliance into the cloud. Institutional- and country-level audits like General Data Protection Regulation (GDPR) of the European Union, punitive measures by the board and other corporate shareholder guidelines do not allow any lack of rigour by IT and cybersecurity managers in this area.
For enterprises that are actively moving to the cloud, there are two principal risk areas that need to be actively monitored going forward. The first area of risk is migration of on-premise data to cloud platforms—this could include sensitive, private and confidential information as well as historical transactional data about the organisation, its suppliers as well as its customers.
IT and cybersecurity managers must ensure that the same level of compliance around security policies and employee sign-on that exist on-premise are maintained for cloud platforms as well. They must know where the data is resident and who is responsible for the migration and movement of data to cloud platforms. Once resident on the cloud, they must remain in control and be responsible for who has access to data in the cloud. Cloud data access policies must remain mirrored to on-premise policies, and it is the IT and cybersecurity managers who are responsible for this in-cloud compliance.
The second area of risk is around the economic, financial and technology stability of the cloud hosting provider and its ecosystem of suppliers. Rapid migration of data to the cloud is driving the spawn of gold-rush cloud service providers, either as direct or indirect players. IT and cyber security managers must be particularly concerned if their cloud service providers change their service-level agreements (SLAs) or display any evidence of inability to provide their services.
The combination of the above two risks, namely, unauthorised access to cloud data and inability to provide cloud services due to lack of compliance by either the organisation or the cloud service provider can have disastrous consequences for the organisation. While such an extreme situation is yet to occur, global advisory firms like Gartner are drawing attention to the possibility of emerging data risk in cloud computing.
As a corollary, end-users are advised to engage with economically-stable and well-entrenched cloud services providers, while the gold-rush is ongoing.
Yasser Zeineldin is chief executive officer, eHosting DataFort.