Cloud computing is evolving at a rapid pace. Today, there’s a range of choices for moving applications and data to cloud that includes various deployment models from public and private to hybrid cloud service types. Organizations are seeking ways to utilize multiple clouds as part of a broader digital strategy. With a multicloud approach, companies can avoid vendor lock-in and take advantage of the best-of-breed technologies, such as artificial intelligence (AI) and blockchain.

And, the business benefits are clear: improved flexibility and agility, lower costs and faster time to market.

According to an IBM Institute for Business Value survey of 1,106 business and technology executives, 85% of organizations are already operating multicloud environments, and 98% plan to use multiple hybrid clouds by 2021. However, only 41% have a multicloud management strategy in place.

When it comes to choosing cloud solutions, there are many options available. It’s important to understand the differences between the types of cloud deployment and cloud service models and understand how the sensitive data within these environments can be protected.

Understanding Cloud Service Models

Over the past decade, cloud computing has matured in several ways and has become a tool for digital transformation worldwide. Generally, clouds take one of four cloud service models: infrastructure as a service (IaaS), platform as a service (PaaS), software as a service (SaaS) and database as a service (DBaaS).

  • IaaS allows organizations to maintain their existing physical software, middleware platforms and business applications on the infrastructure provided and managed by the service provider. Organizations benefit from this approach when they want to quickly take advantage of the cloud while minimizing impact and using existing investments.
  • PaaS allows companies to use the infrastructure and middleware or software, provided and managed by the service provider. This flexibility removes a significant burden on a company from an information technology (IT) perspective and allows it to focus on developing innovative business applications.
  • SaaS is a service model that outsources all IT and allows organizations to focus more on their core strengths instead of spending time and investment on technology. It offers SaaS to the end users. In this cloud service model, a service provider hosts applications and makes them available to organizations.
  • DBaaS solutions are hosted and fully managed database environments by a cloud provider. For example, a firm might subscribe to Amazon RDS for MySQL or Microsoft Azure SQL Database.

With each step, from IaaS to PaaS to SaaS to DBaaS, organizations give up some level of control over the systems that store, manage, distribute and protect their sensitive data. This increase in trust placed in third parties also presents an increase in risk to data security.

Cloud deployments work on a shared responsibility model between the cloud provider and the consumer. In the case of an IaaS model, the cloud consumer has room to implement data security measures much like what they would normally deploy on premises and exercise tighter controls. For SaaS services, cloud consumers have to rely on the visibility provided by the cloud provider which, in essence, limits their ability to exercise more granular controls.

It’s important to note that regardless of the chosen architecture, it’s ultimately your organization’s responsibility to ensure appropriate data security measures are in place across environments. To learn more about how to adapt your data security, data privacy and compliance practices to the hybrid multicloud, read the “Overcoming Data Security Challenges In a Hybrid Multicloud.”

Keeping Your Sensitive Data Safe Everywhere

Organizations must adopt a consistent and unified approach to hybrid, multicloud data security given the evolving threat landscape. Consider the following questions:

  • What data is staying on premises?
  • What data is moving to the cloud?
  • How can data access be monitored?
  • What types of vulnerabilities should be considered?
  • How can we demonstrate compliance with data security and regulatory requirements?

With these questions answered you’ll have a better understanding of the current and future state of your data environment. As a result, you can start to apply in-context data access controls that accommodate the different data types and their location. Controls should include flexible access policies, data encryption, tokenization, as well as data masking, blocking and redaction etc. Having a wide range of data protection options not only allows you to apply the appropriate levels of protection to address your specific data security and compliance needs, but it also helps ensure that your controls are not adding unnecessary friction for users who are authorized to access that data.

Accelerating Compliance

Today, organizations must think beyond just complying with industry regulations such as Health Insurance Portability and Accountability Act, Payment Card Industry and Sarbanes-Oxley. The realities of cloud-based storage and computing mean your sensitive data across hybrid multicloud systems could be subject to privacy regulations.

If your data is in a public cloud, you must be aware of how the service provider plans to protect your sensitive data. For example, according to the European Union (EU) General Data Protection Regulation, information that reveals a person’s racial or ethnic origin is considered sensitive and could be subject to specific processing conditions. These requirements even apply to companies located in other regions of the world that hold and access the personal data of EU residents.

It’s important to understand that whatever your deployment model or cloud service type, data security must be a priority. What’s of great concern is your sensitive data now sits in many places, both within your company’s walls and outside of them. And, your data security, data privacy and compliance controls need to go wherever your data goes.

To learn more about how to adapt your data security, data privacy and compliance practices to the hybrid multicloud world, read the ebook, “Overcoming Data Security Challenges in a Hybrid, Multicloud World.”

Download the Ebook

More from Cloud Security

The Importance of Modern-Day Data Security Platforms

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

Cybersecurity in the Next-Generation Space Age, Pt. 4: New Space Future Development and Challenges

View Part 1, Introduction to New Space, Part 2, Cybersecurity Threats in New Space, and Part 3, Securing the New Space, in this series. After the previous three parts of this series, we ascertain that the technological evolution of New Space ventures expanded the threats that targeted the space system components. These threats could be countered by various cybersecurity measures. However, the New Space has brought about a significant shift in the industry. This wave of innovation is reshaping the future…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

How Posture Management Prevents Catastrophic Cloud Breaches

We've all heard about catastrophic cloud breaches. But for every cyberattack reported in the news, many more may never reach the public eye. Perhaps worst of all, a large number of the offending vulnerabilities might have been avoided entirely through proper cloud configuration. Many big cloud security catastrophes often result from what appear to be tiny lapses. For example, the famous 2019 Capital One breach was traced to a misconfigured application firewall. Could a proper configuration have prevented that breach?…