While companies are moving to the cloud for the benefit and future growth of their business, they are ignoring the fact that virtual environments are not always fully secure. Remember that in the eventuality of a breach, corporations—not cloud providers—would be held accountable. It is time for corporations to be concerned about their security policies. For instance, a large number of them allow their employees to use Enterprise File Sync and Share (EFSS) services such as DropBox or Box for increased collaboration. As Drop Box is in the public cloud, and control over security is with the provider, not the customer, this exposes the organization endpoints to vulnerabilities. Another crisis alert: Companies are unaware of the threats when they outsource equipment and resources like servers, storage, and networking to vendors such as Amazon Web Services or Windows Azure. In other words, organizations lack the ability to oversee day-to-day operations of cloud management.
2016 witnessed some of the largest data breaches ever, but 2017 could be even worse as companies move to the cloud without proper security preparedness
LinkedIn, Tumblr, MySpace and a host of other social entities were not spared this year. Corporations too suffered their share of ignominy. There are no certainties in attack targets: no institution, government, organization or entity is immune against a data breach. Every year, the number of breach incidents surpass the record from the previous year. There have been nearly 2,300 confirmed cases of data breaches in 2016. This number will continue to increase as more companies are adopting cloud solutions for communication, transaction, storage, and service without due attention to encryption standards.
The world-famous data breach at Target is still fresh in everyone’s memory. Writing two years later in Between the Lines, Natalie Gagliordi, observed, “To this day, Target has not disclosed precisely how the breach occurred or what exactly it has done to prevent another attack on its system.” According to 2015, Spice works survey, more than 60% of businesses utilize the cloud for performing IT-related operations, which makes it difficult to secure business-critical applications. There have been over 100,000 reported incidents of data breach in 2016 (only a minuscule portion of it has been categorized as “confirmed cases”).
When it comes to security, the common approach to encrypting data for storage in cloud infrastructure environments is to encrypt network traffic.Companies effectively give up ownership of that particular service to the provider—but this is not ideal. Data encryption, when executed properly, protects the sensitive information stored within any given organization. Although there are many myths attributed to data encryption (too expensive, too difficult to manage, too cumbersome to deploy), the surprising truth is that at its core, data encryption provides a foundation piece to any data security protection strategy.
As previously mentioned, the increasing enterprise adoption of cloud technology, particularly EFSS services, has created a need for security solutions to be able to encrypt files at the endpoint before they are synchronized to the cloud. This can be done with encryption solutions that enable the end-user organization to maintain control over the encryption key management of files stored in the cloud.According to the Spice works survey, approximately one-third of organizations encrypt or plan to encrypt, data at the disk/device levels.