January 8, 2015 | By Domenico Raguseo

When it comes to adopting delivery models such as the cloud, one of the biggest concerns for small and midsize businesses (SMBs) is security. However, it is unclear whether those concerns are founded. Cybercrime is increasing, and not just because of increased cloud adoption.

I cannot remember many situations in which the cloud has been the root cause of an attack. Distributed denial-of-service attacks, SQL injections and cross-site scripting are usually used to attack enterprises, and zero-day vulnerabilities have also been exploited inside enterprises.

Though utilizing a security service is an additional cost, it is now mandatory for organizations of all sizes. An enterprise might as well not exist if it isn’t on the Internet — and if you are on the Internet, you are exposed to cybercrime. This is even more important for an SMB, which must invest in innovation while operating on a very limited budget.

For the aforementioned reasons, investing in security is vital.

The Cost of Security and Innovation for an SMB

It is important to reconcile the needs of innovation with the cost of upholding security, data resiliency and your infrastructure. Usually, the cloud is the answer, and the shift from an on-premises system to the cloud should be undertaken with attention to security.

In fact, once you decide to move some of your workload to the cloud, your cloud environment could be considered even more secure than your on-premises systems if users and providers adapt the concept of security to the new delivery model. It is important that providers and users understand that the new concept for security needs to be flexible, not static. Like all cloud services, this concept needs to be more automatic and less manual.

In this case, the enterprise’s investments can be minimized, and the enterprise can rely on the skills and technologies of vendors to provide those services. This is typical of cloud service providers for different types of workloads and security.

What to Consider When Moving to the Cloud

Understanding who is accessing the cloud from anywhere at any time is likely one of the biggest concerns for companies considering a move to the cloud. Inside an enterprise, identity and access management refers to identities and resources within the enterprise. When moving resources to the cloud, you risk losing control of who is accessing what. It is important to maintain a consistent level of control, even if you are accepting some natural standardization. It is also important to ensure the management of identities and resources in the public cloud is synchronized with the management of resources and identities inside the enterprise.

On the other hand, identity management is one workload that can typically be moved to the public cloud. Moving to the cloud can also let enterprises leverage different authentications that are already available. Therefore, moving to the cloud doesn’t just increase security; it may also reduce the cost of the service itself.

Protecting Against Exploits

How is it possible to fix vulnerabilities and defend against attacks before the vulnerabilities are exploited? Data is the element of the service that often represents the business and is typically the workload moved to the cloud. In this case, it is also important to assess the level of confidentiality the data should have and plan for maintaining that level of protection.

How can we obtain a comprehensive view of the cloud and traditional environments? Inside an enterprise, it is possible to control all the events and flows and relate them to possible offenses. But what if some services are provided from the cloud? This implies that attacking a service provider is enough to attack the enterprise that contracted it. In this case, what is important is that events and flows from the cloud are integrated into the security intelligence framework designed for the enterprise.

Moving to the cloud is possible, and possibly more secure — just be sure to consider security during the shift.
