Cloud computing is evolving at a rapid pace. Today, there’s a range of choices for moving applications and data to cloud that includes various deployment models from public and private to hybrid cloud service types. Organizations are seeking ways to utilize multiple clouds as part of a broader digital strategy. With a multicloud approach, companies can avoid vendor lock-in and take advantage of the best-of-breed technologies, such as artificial intelligence (AI) and blockchain.

And, the business benefits are clear: improved flexibility and agility, lower costs and faster time to market.

According to an IBM Institute for Business Value survey of 1,106 business and technology executives, 85% of organizations are already operating multicloud environments, and 98% plan to use multiple hybrid clouds by 2021. However, only 41% have a multicloud management strategy in place.

When it comes to choosing cloud solutions, there are many options available. It’s important to understand the differences between the types of cloud deployment and cloud service models and understand how the sensitive data within these environments can be protected.

Understanding Cloud Service Models

Over the past decade, cloud computing has matured in several ways and has become a tool for digital transformation worldwide. Generally, clouds take one of four cloud service models: infrastructure as a service (IaaS), platform as a service (PaaS), software as a service (SaaS) and database as a service (DBaaS).

  • IaaS allows organizations to maintain their existing physical software, middleware platforms and business applications on the infrastructure provided and managed by the service provider. Organizations benefit from this approach when they want to quickly take advantage of the cloud while minimizing impact and using existing investments.
  • PaaS allows companies to use the infrastructure and middleware or software, provided and managed by the service provider. This flexibility removes a significant burden on a company from an information technology (IT) perspective and allows it to focus on developing innovative business applications.
  • SaaS is a service model that outsources all IT and allows organizations to focus more on their core strengths instead of spending time and investment on technology. It offers SaaS to the end users. In this cloud service model, a service provider hosts applications and makes them available to organizations.
  • DBaaS solutions are hosted and fully managed database environments by a cloud provider. For example, a firm might subscribe to Amazon RDS for MySQL or Microsoft Azure SQL Database.

With each step, from IaaS to PaaS to SaaS to DBaaS, organizations give up some level of control over the systems that store, manage, distribute and protect their sensitive data. This increase in trust placed in third parties also presents an increase in risk to data security.

Cloud deployments work on a shared responsibility model between the cloud provider and the consumer. In the case of an IaaS model, the cloud consumer has room to implement data security measures much like what they would normally deploy on premises and exercise tighter controls. For SaaS services, cloud consumers have to rely on the visibility provided by the cloud provider which, in essence, limits their ability to exercise more granular controls.

It’s important to note that regardless of the chosen architecture, it’s ultimately your organization’s responsibility to ensure appropriate data security measures are in place across environments. To learn more about how to adapt your data security, data privacy and compliance practices to the hybrid multicloud, read the “Overcoming Data Security Challenges In a Hybrid Multicloud.”

Keeping Your Sensitive Data Safe Everywhere

Organizations must adopt a consistent and unified approach to hybrid, multicloud data security given the evolving threat landscape. Consider the following questions:

  • What data is staying on premises?
  • What data is moving to the cloud?
  • How can data access be monitored?
  • What types of vulnerabilities should be considered?
  • How can we demonstrate compliance with data security and regulatory requirements?

With these questions answered you’ll have a better understanding of the current and future state of your data environment. As a result, you can start to apply in-context data access controls that accommodate the different data types and their location. Controls should include flexible access policies, data encryption, tokenization, as well as data masking, blocking and redaction etc. Having a wide range of data protection options not only allows you to apply the appropriate levels of protection to address your specific data security and compliance needs, but it also helps ensure that your controls are not adding unnecessary friction for users who are authorized to access that data.

Accelerating Compliance

Today, organizations must think beyond just complying with industry regulations such as Health Insurance Portability and Accountability Act, Payment Card Industry and Sarbanes-Oxley. The realities of cloud-based storage and computing mean your sensitive data across hybrid multicloud systems could be subject to privacy regulations.

If your data is in a public cloud, you must be aware of how the service provider plans to protect your sensitive data. For example, according to the European Union (EU) General Data Protection Regulation, information that reveals a person’s racial or ethnic origin is considered sensitive and could be subject to specific processing conditions. These requirements even apply to companies located in other regions of the world that hold and access the personal data of EU residents.

It’s important to understand that whatever your deployment model or cloud service type, data security must be a priority. What’s of great concern is your sensitive data now sits in many places, both within your company’s walls and outside of them. And, your data security, data privacy and compliance controls need to go wherever your data goes.

To learn more about how to adapt your data security, data privacy and compliance practices to the hybrid multicloud world, read the ebook, “Overcoming Data Security Challenges in a Hybrid, Multicloud World.”

Download the Ebook

More from Cloud Security

New cybersecurity sheets from CISA and NSA: An overview

4 min read - The Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) have recently released new CSI (Cybersecurity Information) sheets aimed at providing information and guidelines to organizations on how to effectively secure their cloud environments.This new release includes a total of five CSI sheets, covering various aspects of cloud security such as threat mitigation, identity and access management, network security and more. Here's our overview of the new CSI sheets, what they address and the key takeaways from each.Implementing…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

Cloud security uncertainty: Do you know where your data is?

3 min read - How well are security leaders sleeping at night? According to a recent Gigamon report, it appears that many cyber professionals are restless and worried.In the report, 50% of IT and security leaders surveyed lack confidence in knowing where their most sensitive data is stored and how it’s secured. Meanwhile, another 56% of respondents say undiscovered blind spots being exploited is the leading concern making them restless.The report reveals the ongoing need for improved cloud and hybrid cloud security. Solutions to…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today