Nothing to fear from cloud: why cloud security services can be ideal

By Mauricio Sabena, systems engineer manager, ANZ, Palo Alto Networks

Since the advent of cloud, organisations have been adopting it because its agility and flexibility can contribute to greater organisational efficiency and stronger performance. However, security concerns around cloud-based deployments have slowed many organisations down, with data sovereignty concerns often topping lists of reasons why CSOs discourage cloud adoption.

However, that view of cloud is outmoded and outdated. Far from being afraid of using the cloud due to security concerns, CSOs should actually be leveraging cloud technology to improve their cybersecurity.

To do so, it’s important to dispel some of the myths that have grown up around the cloud. One of those is that, for effective security, organisations shouldn’t store their data in the cloud. In general, companies can store data in the cloud, as long as they take appropriate steps to ensure their data is secure.

Security in the cloud is based on a shared responsibility model, where the cloud provider is responsible for securing the platform or application while the customer’s CSO is responsible for securing the data. This isn’t really much different from other types of deployments in which CSOs need to proactively protect data and workloads.

Companies no longer need to fear the cloud. Instead, they should treat cloud-based deployments the same way they would treat any other data storage repository. In other words, they should identify the relevant security concerns and implement measures to reduce or mitigate the risk.

And now, many companies are finding ways to use cloud not just for data storage or workloads but for cybersecurity as well, where not using the cloud should be considered riskier than using it.

This approach makes sense; using the cloud for security lets businesses share cyberthreat information more easily and reduce the costs associated with on-premise installations and maintenance of security technology. It also means businesses can change their providers quickly if necessary, providing the increased flexibility that cloud is famous for.

There are already plenty of cloud-based security solutions that customers should potentially consider. For example, customers could consider a cloud-based offering that lets them collect data from multiple platforms and devices, and from various locations across their networks, without needing to plan for compute and storage needs. This approach doesn’t depend on hardware space or speedy log collection.

Once the logs are in the cloud, customers can leverage cloud-based applications like user behaviour analytics that identify user and device patterns across the network, then use that benchmark information to accurately detect anomalies and act accordingly.

In the past, accessing, storing, and working with large amounts of data required expensive hardware. Organisations would invest in the hardware they required, which would be used for specific projects but would potentially sit idle between those projects, reducing the return on investment. Using the cloud means organisations no longer have to make that investment; instead, they can access the resources they require for the duration of the project and pay as they go, relinquishing the resources once the project is complete. This ensures they never have to pay for resources that they’re not actively using.

There are also cloud services that deliver next-generation security infrastructure to customers that include safe enablement of applications, content filtering and advance threat prevention. This secures remote networks and mobile users, helping businesses reduce the management complexity of costly, time-consuming deployments.

A flexible, on-demand security service means CSOs have scalable options to accommodate growth demands and achieve consistent security throughout their environments, regardless of users’ locations or devices. This means there’s no reason for organisations to avoid or limit their use of cloud. Rather, it means they should leverage the cloud to take advantage of its benefits in the knowledge that, not only does it not create undue risk, but it actually offers a highly-effective platform for businesses to improve their cybersecurity.