82 percent of IT decision makers say security is more challenging as we've moved to the cloud; however, 58 percent feel more confident about security as a result of moving to the cloud.
It's a dilemma that more and more CISOs are facing. You probably remember the first time someone asked you to move a critical business process to the cloud. Chances are it forced you to recognize that protecting the perimeter of your environment was no longer sufficient. I remember that moment in my career very well. For me it was in the early 2000s. Our sales team wanted to replace our clunky old CRM system with an innovative new SaaS solution that was taking the world by storm.
The request made perfect sense. An entry-level business development rep who provided tech support during his few free minutes managed the old system on top of his other responsibilities. It was clear that we needed a better way. The SaaS solution would allow us scalability, better reporting and less back-end maintenance, and the development rep could focus on his day job.
The solution seemed like an obvious win except it presented me with an unsettling security challenge--I had to relinquish some control over protecting our data. While it's not the most thorough definition, my favorite definition of "cloud" is simply "someone else's computers." This CRM project was not the first time I trusted my sensitive data to someone else. We already had third party auditors with piles of our most sensitive data, consultants with access to our code, and a dozen other ways that we were trusting external entities to keep our data secure. However, this CRM project was the first time I had to admit securing our data externally was quickly becoming the new normal.
According to Ping's partner, Netskope, enterprises now use approximately 1000 cloud applications. Many CISOs are being asked to move to cloud infrastructures for the same reasons that inspired our CRM move: budget advantages; agility; scalability, and reduced maintenance. And they are being asked from all areas of the organization. Every department is tasked with doing more, faster, and there are plenty of vendors creating cloud solutions that address these needs. In the last few years, the sheer volume, scale and speed of new cloud solutions entering the market has become overwhelming.
In the decade since I worked on the CRM project, I (along with the rest of the industry) have gotten pretty good at reviewing, approving, and implementing solutions on "someone else's computers." But, no matter how quickly you move, it takes time for security teams to review and approve every cloud offering that enters the enterprise. That's why shadow IT is a becoming a huge challenge for CISOs.
While this caution is certainly understandable, it's not entirely necessary because today we have technology resources that can help us navigate the complexities of cloud security. Identity and access management (IAM) solutions provide a successful framework for securing data in cloud environments. A forward looking approach supports the concept of identity defined security. Not only does it resolve the security challenge holding cloud adoption in check, it transforms security from an impediment to the main reason to migrate to cloud solutions.
Because IAM applies security controls at the identity data level, organizations can enforce access governance based on regulatory policies, corporate policies and customer consent policies anywhere the data is used. It enables end-to-end encryption so that data is protected as it travels beyond your firewall. Plus, authentication technologies like multi-factor authentication and single sign-on strengthen security by reducing dependence on passwords and decreasing attack vectors. It ensures that no matter what cloud solutions are added to your environment, many of the same strict security controls will be uniformly enforced.
The massive move to the cloud may be increasing our dependence on someone else's computers, but it doesn't have to reduce the amount of control we have over our data. When it's done well, identity defined security strengthens our defenses against breach and makes it possible for us to reap all of the benefits of the cloud without unacceptable risk.
We're looking forward to the insightful conversations on cloud security and other security topics planned for this year's Cloud Identity Summit in Chicago, June 19-22. If you haven't registered yet, make plans to attend and reserve your spot!