April 30, 2020

Debunking 5 Cloud Security Infrastructure Myths

The technologies that make it possible for remote work to be dependable and secure have already been available for years, but the current push for as many employees as possible to work from home has dramatically accelerated their adoption. As organizations shutter their brick-and-mortar offices and facilities, the cloud is taking center stage in enabling operational continuity, with many software-as-a-service (SaaS) applications seeing unprecedented spikes in usage.

With workforces rapidly going remote, there’s greater need for the scalability, ease of resource deployment and high availability that are inherent advantages of cloud computing. As employees turn to the cloud for everything from video conferencing and collaboration tools to full-stack development platforms, security must follow people, data and workloads to the cloud.

Though moving security to the cloud will better position organizations for productivity and efficiency today, doing so is also vital preparation for the future. According to a recent Gartner survey, nearly three in four businesses plan to convert at least 5% of their previously on-site employees into permanent remote workers. 

Moving to cloud-based security is critical for enabling remote work at scale without breaking the bank. It will give your security team a better understanding of how people are working, which applications they’re using, and how they’re accessing data--and enables them to do so efficiently.

To reap maximum benefits from a cloud-based security solution, however, you’ll need to choose your provider carefully, ensuring that they hold the appropriate certifications, have stringent security controls in place, and maintain an infrastructure capable of supporting high availability and performance. You’ll also want to make certain that to take your own business—and industry-specific requirements—into account. 

Beyond that, take care to avoid the following misconceptions that continue to persist:

1.  Myth: Security certifications are only important for compliance teams.

Most of the time, internal compliance teams are centrally concerned with checking certifications for functions within your own business. However, any vendor you partner with—especially one who will handle or secure your sensitive data—must also be in compliance with any national, local or industry-specific regulations you are bound to adhere to. Verifying certifications should be part of the vendor selection process.

2.  Myth: Cloud provider data centers are always more secure than corporate ones.

It’s true that major cloud providers typically maintain strong—even world-class—safeguards to protect their data centers’ physical security. But there’s less consistency when it comes to implementing data security controls, especially within SaaS applications. To ensure a provider is in compliance with relevant standards and regulations, look for certification from a third-party auditor.

3.  Myth: The more datacenters a cloud service provider has, the better the performance.

Although cloud service providers should have more than a minimum number of data centers to ensure redundancy and an adequate geographical presence for low latency, having more data centers beyond this threshold does not improve throughput or performance. Instead, networking technologies such as cloud peering and datacenter peering exchanges make the biggest difference to performance by providing more efficient and direct data flows.

4.  Myth: The security of your cloud service provider doesn’t impact your cybersecurity insurance costs.

Cybersecurity insurance premiums are set according to your individual business’s risk profile. If you can demonstrate that you have proper threat protection, data security, and data protection measures in place, and your provider can show certifications and demonstrate appropriate operational processes as evidence, your risks will be minimized. And, it’s likely you’ll pay lower premiums as a result.

5.  Myth: Compliance is solely driven by external forces.  

Governmental and industry-wide regulations were put in place to ensure that citizens’ and customers’ sensitive personal and financial data is protected. Compliance is in your business’s best interest because it shields you against devastating reputational damage and the loss of public trust. It’s likely, however, that your organization will benefit from protecting additional types of data beyond those subjected to regulatory standards. Intellectual property and strategic plans are the lifeblood of your business. It’s critical to develop data protection policies that will safeguard these “crown jewels” as well.

On a related note, for those of you who want to dig deeper into each of these myths, we encourage you to check out the eBook All Clouds are Not Equal. Just click on the Read the eBook button on the green banner on the right. 

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.