Numerous serious IT security incidents in the past year have made it clear: At the corporate level, dangers threaten in previously unknown dimensions, as more and more sensitive data is stored in the cloud. Cloud security executives are faced with major challenges that they can prepare for.
An average company is connected to up to 1,500 partners through cloud services, and 9.3 percent of all cloud-exchanged documents contain sensitive data. This gives more people access to top secret information than ever before. It is unlikely that everyone will follow the same guidelines for data security. For many companies 2018 could be the first year in which they have to deal with the serious consequences of losing their own data – not their own fault.
Data breaches and data thieves
Scientists recently discovered the first administrator password for Office 365 on Darkweb – it was offered for sale there. About administrator accounts would have unauthorized privileged access to data and free hand to change or even delete them. On average, businesses experience 3.3 such cases every month. Of course, such a serious case of data loss in 2018 will make headlines. But even businesses in tightly regulated industries like healthcare are shifting terabytes of data to the cloud each month. If you did not try to store sensitive data in “the cloud” before, the focus today is on not leaving it. Only with a seamless integration of cloud and on-premiseSecurity Infrastructure Ensure Compliance and Governance Consistently across Applications.
Regulators are still aware of a rather lax persecution of data loss and thus promote a negligent handling of data. But this laissez-faire attitude ends gradually. Already at the end of 2016, the first violations of the US HIPAA (Health Insurance Portability and Accountability Act) and EU data protection regulations were punished with heavy fines. The new EU General Data Protection Regulation even provides for fines of up to four percent of the annual turnover. In 2018, global companies will therefore have to implement the new regulations more consistently.
Companies are now focusing heavily on the cloud, using SaaS applications for sensitive information as well. Overall, 4.4 percent of documents in file-sharing applications are strictly confidential. For cybercriminals, this means there’s more valuable prey in the cloud than ever before. With data classification capabilities, some cloud providers are trying to better protect their customers’ “data gems”. Companies should definitely use 2018.
Career Jumping Cloud Security
Digitalisation has made IT more strategic. Chief Information Security Officers (CISO) will increasingly assume business critical functions. After all, every software company – and this is now the majority – needs security experts. CISOs can significantly accelerate product launches and ensure the data security of employees and customers. In 2018, IT security will finally become a competitive factor.
An average company transacts more than 2.7 billion cloud transactions per month – just 23.2 of them carry acute risks. Companies are therefore desperately looking for experts who are familiar with the IT jungle and implement tailor-made security concepts. For seasoned cloud security executives, this means that their career opportunities will grow exponentially over the coming years.
Head to head at IaaS services
Microsoft and Amazon are going head-to-head in 2018. AWS has rapidly conquered the IaaS market, but Azure is catching up. In the fourth quarter of last year, AWS deployed around 36 percent of new cloud applications, closely followed by Microsoft Azure at nearly 30 percent. Regardless of big names like Google, Rackspace, and Softlayer, niche vendors took 14 percent of the market.
Many companies do not have enough capacity to defend themselves against professional IT attacks. By contrast, large cloud providers with numerous security experts already. When companies outsource their infrastructure to Amazon, Microsoft or other vendors, they can face the aggressors in the “cyber war” at eye level. The sophisticated cloud provider APIs also provide additional protection through features such as activity monitoring.