Click here to get this post in PDF
A key indicator of the importance of data in 2019 is the rise of cloud adoption. The cloud provides data and IT scalability that is difficult-to-impossible for firms to achieve with legacy on-premises solutions on their own. It is no shock that companies are expected to invest 80% of their IT budgets to cloud apps and solutions.
Typically cloud and security have been at odds. But in 2019, is security still difficult for potential cloud adopters?
While confidence in the public cloud is increasing, companies are still listing security as a primary deterrent to moving their data to the cloud:
- According to the RightScale 2017 State of the Cloud Report, security is cited as the primary obstacle for companies looking to begin their journey to the cloud.
- The Building Trust in a Cloudy Sky: The State of Cloud Adoption and Security report revealed that 49% of companies are delaying cloud deployment due to a cyber security skills gap.
- The same report indicated that just 23% of groups today completely trust public clouds to keep their data secure.
For the majority of IT workers, these numbers are likely no shock. And just a few years ago, they would have been justified. However, times have moved on, and so has security in the public cloud.
The statistics referred to so far have not gone unnoticed by public cloud providers. As 2019 begins, organizations are now seeing public cloud security capabilities catch up to data security obligations.
Take Azure, for instance. Microsoft Azure provides the highest level of encryption methods, protocols, and algorithms to make sure data is protected both in transit and at rest. This includes the utilization of Transport Layer Security/Secure Sockets Layer (TLS/SSL) to encrypt communications.
Azure also features Advanced Encryption Standard (AES)-256. AES is FIPS (Federal Information Processing Standard) certified. AES security is strong enough to be classified as military-grade encryption. Currently, classified government information at the SECRET level requires a minimum AES algorithm key length of 128, while TOP SECRET information requires either the 192 or 256 key lengths.
Microsoft also provides a strong identity and access management tools. These include multi-factor authentication, role-based access control, and integrated identity management that allows security over cross-platform single sign-on systems. Of course, firms should still use traditional security services, like VPNs.
Security measures such as the above enable Microsoft to provide compliance guarantees for a multitude of industry-specific regulations, such as HIPAA. Consequently, a shift is beginning to occur: top-performing cloud companies are beginning to see the public cloud as a security asset rather than a security liability. With many years of experience and billions of dollars funneled into security innovation, businesses like Microsoft can provide a level of security that is impossible for most businesses to provide.
If there is a catch to be identified, it is that managing security in the cloud and complying with Azure security best practices takes a particular skill set that many companies do not boast.
You may also like: Cloud Security: Myths vs Facts