January 8, 2015 By Domenico Raguseo 3 min read

When it comes to adopting delivery models such as the cloud, one of the biggest concerns for small and midsize businesses (SMBs) is security. However, it is unclear whether those concerns are founded. Cybercrime is increasing, and not just because of increased cloud adoption.

I cannot remember many situations in which the cloud has been the root cause of an attack. Distributed denial-of-service attacks, SQL injections and cross-site scripting are usually used to attack enterprises, and zero-day vulnerabilities have also been exploited inside enterprises.

Though utilizing a security service is an additional cost, it is now mandatory for organizations of all sizes. An enterprise might as well not exist if it isn’t on the Internet — and if you are on the Internet, you are exposed to cybercrime. This is even more important for an SMB, which must invest in innovation while operating on a very limited budget.

For the aforementioned reasons, investing in security is vital.

The Cost of Security and Innovation for an SMB

It is important to reconcile the needs of innovation with the cost of upholding security, data resiliency and your infrastructure. Usually, the cloud is the answer, and the shift from an on-premises system to the cloud should be undertaken with attention to security.

In fact, once you decide to move some of your workload to the cloud, your security in the cloud could be considered even stronger than that of your on-premises systems if users and providers adapt the concept of security to the new delivery model. It is important that providers and users understand that the new concept for security needs to be flexible, not static. Like all cloud services, this concept needs to be more automatic and less manual.

In this case, the enterprise’s investments can be minimized, and the enterprise can rely on skills and technologies supplied by vendors to provide those services. This is typical of cloud service providers for different types of workloads and security.

What to Consider When Moving to the Cloud

Understanding who is accessing the cloud from anywhere at any time is likely one of the biggest concerns for companies considering a move to the cloud. Inside an enterprise, identity and access management refers to identities and resources within the enterprise. When moving resources to the cloud, you risk losing control of who is accessing what. It is important to maintain a consistent level of control, even if you are accepting some natural standardization. It is also important to ensure the management of identities and resources in the public cloud is synchronized with the management of resources and identities inside the enterprise.

On the other hand, identity management is one workload that can typically be moved to the public cloud. Moving to the cloud can also let enterprises leverage different authentication methods that are already available. Therefore, moving to the cloud doesn’t just increase security; it may also reduce the cost of the service itself.

Defending Against Exploits

How is it possible to fix vulnerabilities and defend against attacks before the vulnerabilities are exploited? Data is the element of the service that often represents the business and is typically the workload moved to the cloud. In this case, it is also important to assess the level of confidentiality the data should have and plan for maintaining that level of protection.

How can we obtain a comprehensive view of the cloud and traditional environments? Inside an enterprise, it is possible to control all the events and flows and relate them to possible offenses. But what if some services are provided from the cloud? This implies that attacking a service provider is enough to attack the enterprise that contracted it. In this case, what is important is that events and flows from the cloud are integrated into the security intelligence framework designed for the enterprise.

Moving to the cloud is possible, and possibly more secure — just be sure to consider security during the shift.
