How do you protect data and applications in the cloud?

Many decision-makers in IT regard security management as one of the most important challenges in the cloud. For more than one-in-three CIOs, data privacy is a major concern followed by a lack of security skills and experience (34%) and cloud resource issues (25%) (1). Bart Callens, Product Manager for security at Proximus: "Cybersecurity has long held CIOs back from working in the cloud or migrating applications to the cloud. Today, cybersecurity is no longer a stumbling block but it is, of course, still important to take the necessary measures."

Secure cloud use crucial

Research and consulting firm Gartner predicts that, by 2025, 99% of all security breaches in the cloud will be linked to unsafe actions or incorrect configuration by the end-user. (2) Callens points out that the question today is no longer whether the cloud is safe, but whether we use it in a safe way. "The cloud is certainly not inherently insecure, but working with it in the right way is crucial. It is about implementing cloud security company-wide and involving all actors in that process."

Bart Callens, Product Manager at Proximus

Callens believes that security should be on the table as soon as we start talking about migrating to the cloud. "What that security should look like depends largely on your cloud architecture, your cloud strategy and the data and applications you use and process there." Everything starts with a risk analysis. "This creates an overview of the existing data flows and applications, linked to their respective degree of risk. That exercise forms the basis for an action list setting out all the controls and processes to be implemented."

Know your cloud environment

Within a hybrid cloud strategy, each cloud environment is different. “Enterprises really need to look at cloud security layer by layer, from the network layer through the operating system layer to the application layer”. "Anyone who migrates data to the cloud is always responsible for that data. In a software-as-a-service (SaaS) model, the cloud provider is responsible for the security of the application layer, whereas with platform-as-a-service or infrastructure-as-a-service, this responsibility remains with the user.

Security also looks different for public clouds like those of Amazon, Google or Microsoft. Insight into those specific points of interest per provider and per cloud model ensures that you can prevent data breaches or deal with them as quickly as possible."

Callens recommends partnering with a provider that covers the entire cloud spectrum. "Looking at the entire IT infrastructure, from the private to the public cloud, to on-premise and edge, as a single umbrella is a good idea. Regular risk analyses are the cornerstone for an optimal design of your cloud security. An analysis like that also makes it clear where and how best to process sensitive or personal data."

Bart Callens, Product Manager at Proximus

Proactive and curative

No matter how meticulously and strictly all security procedures are set up, it is impossible to rule out data leaks entirely. In 2021, 79% of companies reported that they had experienced a data breach in the previous year (3). "Setting up the appropriate procedures in advance is crucial. These usually go beyond any legal requirements. A data breach plan includes all the actions to be taken to minimize the impact of a cyber attack. Again, the motto is to include such a plan within all steps of the cloud migration."

Finally, Callens points out that more and more innovative technologies are available within the cloud. "Containers and serverless computing ensure shorter development cycles. But even there, it is important not to lose sight of cloud security and to integrate it within the entire DevOps process."

1. Foundry, Cloud computing study 2022
2. Gartner Hype Cycle Cloud Security 2021
3. IDC Cloud Security Survey 2021