Security issues must stop holding back the cloud.
No contemporary business will be able to survive without entering the digital age. And without the cloud, digitization would not exist. Yet many businesses are fearful of using the cloud because of security concerns. Fear not! There are ways to square the circle and ensure that businesses benefit.
Work from anywhere and never miss a business opportunity: today we take this for granted. Digital technology is becoming increasingly pervasive in our lives. Digital marketing helps businesses boost their visibility and is playing an increasingly important part in their reputation.
Head of Business Line Defense & Security
Digital technology services may be particularly user-friendly for customers, but for businesses they represent a data management challenge. Providing digital services is often a non-starter unless a cloud-based solution can be found. In addition, customer data is one of a company’s most sensitive assets. In the wrong hands, it could conceivably be made public or used to blackmail the company, and the resulting damage to its reputation would be immeasurable.
By 2017, organizations that have made a strategic decision to invest in cloud applications for mission-critical workloads will consider CASBs to be an essential security control.
The ELCARD multi-factor authentication solution has been designed to meet the challenges of modern computing, supporting a large number of use cases and providing an optimised user experience while protecting enterprise resources at a reduced cost.
To address internal and external risks to the sensitive data shared in the cloud, ELCA has developed a solution that will allow companies to leverage cloud online services, while remaining aligned on compliance and regulations issues.
Using "public clouds" offers businesses considerable advantages, enabling them to introduce services quickly, easily and cost-effectively, thereby improving the company’s competitiveness. Using the cloud also reduces operational costs, shifts responsibility for optimum operation to the service provider running the cloud, and improves collaboration and productivity.
Despite these advantages, many businesses are reluctant to take the plunge. They are not convinced their data will be secure and are unclear where it will be stored, who will control it and who will be responsible for the crucial task of ensuring it complies with the latest directives. When services and processes are transferred to the cloud, there is no guarantee that the service provider will retain control of its visitors (or service recipients).
The Internet is worldwide; Switzerland may be a neutral country but economic warfare is very much a reality. As a rich nation, we are in the firing line and our data is of interest to others (both governments and businesses).
New technology is a double-edged sword: cyberweapons are no longer a myth!
These different aspects may seem irreconcilable, but they can be combined successfully. Gartner sees a tremendous market potential for cloud access security brokers (CASBs).
Put simply, CASBs act as control points between users and the cloud. Their job, among other things, is to provide the following:
- Visibility: confirmation of the identity of the users for each application, type and location of the saved data.
- Protection against data loss: processing all the data according to their specifications.
- Protection against security threats: looking for malware and suspicious behaviour in the cloud.
- Compliance: ensuring compliance with directives and industrial standards.
According to Gartner, security concerns are the reason why more than 50% of companies have up to now held back from adopting a cloud solution. As digitization grows, this reluctance is set to damage their reputation, shrink their profits and reduce their market share. It is no longer a question of whether a business offers digital services, but how it does so while keeping both itself and its data safe. There are numerous examples that demonstrate that involving/recruiting security managers as early as possible has proven a very wise move. The same applies to third-party providers, which must be chosen with care: is it really necessary to bend to their will when it comes to security? And what about the quality of the systems and software they are offering? Is it wise to hand over the house keys (or to be more precise, our data) to a foreign supplier governed by a third-party authority?
ELCA has adopted a complementary strategy by playing the diversity card – in other words, using a hybrid approach. ELCA’s selling point lies in its use of several infrastructures to protect companies’ data, processes and services, on several security levels: a company-specific infrastructure for ultra-secure services and data; a “Swiss infrastructure” (servers and links installed in Switzerland) to protect and manage the data in compliance with Swiss law; and a fully cloud-based solution for non-sensitive data. Its objective is to provide optimum protection, making use of technical features such as virtual appliances, cloud access security brokers (CLOUDTRUST) and multi-factor authentication (ELCARD) to name just a few examples.
ELCA has developed a personalised CASB solution that
- offers a CASB product covering all the functionality required for visibility, data-loss prevention, protection from security threats and access control.
- offers advanced configuration from a user-friendly interface.
- is either hosted in Switzerland or installed on the company’s site.
When it comes to security, return on investment is neither immediate nor quantifiable, but simply carrying out an occasional security audit to provide a snapshot of a constantly evolving information ecosystem and relying solely on bare-minimum standards are corner cutting exercises that may ultimately prove costly. Do not forget that the other side is using talented people too. It is essential to adopt monitoring tools and a clear identity and access management strategy to keep a constant eye on data access. Companies like ELCA and Kudelski, who have years of experience in these fields and are not dependent on major service providers, can provide businesses with decisive and neutral help with this.
The path to the cloud is a tricky one to follow and there are dangers along the way. There are very few companies with sufficient expertise to make the necessary informed decisions unaided. But fortunately, there are technology-savvy advisers who are thoroughly familiar with the different business sectors. If they work together, the two partners are sure to succeed in preparing a roadmap and putting it into practice to enhance the company’s reputation, boost its profits, and consolidate or even grow its market share.