The rise of cloud computing has had an interesting impact on cybersecurity. On the one hand it made security both stronger and cheaper by taking the burden off individual companies and placing it on tech providers. But as relieving as it is for some, others worry about protection and deflection. Much of this anxiety stems from uncertainty.
Now that companies rely on multiple cloud service providers there are very real questions about the protections those providers have in place. They may be strong in most instances. But if just one of the provider partners has lax security it puts the company’s entire IT infrastructure at risk. And since security is handled by someone else, that risk could be entirely invisible.
The benefits of the cloud are too large to ignore. But so are the risks. Companies aim to be proactive about cybersecurity. They also want to minimize the cost and consequences of attacks and accidents. That is only possible by asking the right questions to cloud providers:
What kind of threats are providers exposed to?
Different providers are at risk of different types of attacks. This is because of their size, focus, location, or security strategy. Those risks are transferred from the provider to the client, which is why understanding is essential.
What kind of protections are in place?
Each cloud provider has a different security framework in place with both strengths and weaknesses. The same is true for every client company. Understanding how those protections overlap and where they leave gaps reveals what threats loom largest.
What is the overall risk tolerance?
Companies may be able to weather a certain amount of risk depending on the cyber plan they have in place and their level of cyber insurance. Comparing the tolerance within the company and within the cloud provider highlights potential points of friction.
Are Providers Investing in Protection?
Cyber threats are evolving all the time, which means cybersecurity must evolve as well. Otherwise, the protection a cloud provider uses now could be totally inadequate for tomorrow. Understanding when and how the provider plans to invest in new security illustrates their ongoing commitment to security.
Does Everyone Have a Plan in Place?
Preparing for an attack is one thing, but actually responding to an attach is very different. The pressure and confusion of the situation often make the damages worse. Operating according to a comprehensive response plan is the best strategy. That is true of every company and every cloud provider they work with.
This list is not intended to scare anyone away from the cloud. It’s simply intended to underline the fact that the cloud is not ironclad. It does a lot to help companies boost their defenses. Crucially, however, it’s doesn’t seal off every entry point.
It’s more important than ever for companies to fully comprehend their cyber vulnerability. Boosting defenses is an one half of the equation. The other half is investing more in response and mitigation. Understanding the issue from all angles and battling it on all fronts is the only way to be truly protected.
