In 2014, nearly 70% of enterprises had at least one application or a part of their computing infrastructure in the cloud (Forbes). This figure reveals how prevalent cloud computing has become as part of companies’ infrastructure strategies, and the trend is expected to continue. By 2018, it’s expected that at least half of all IT spending will be cloud-based, reaching 60% of all IT infrastructure and almost 70% of all software, services and technology spending by 2020 (IDC).
Cloud is increasingly being adopted by companies looking to harness the operational flexibility and cost efficiency benefits. Cloud allows large companies to efficiently upscale or downscale systems and bandwidth to meet the short-term needs of the business, while forgoing unnecessary fixed infrastructure investments. Small and medium-sized business can benefit entirely from lower operating costs provided by cloud infrastructures, while removing capital expenditures. Cloud also provides effective backup and disaster recovery capabilities in a single solution further reducing costs and while providing important business continuity.
However, a Cloud Security Alliance survey reported that over 70% of companies cited security concerns as the top challenge preventing them from adopting cloud projects in 2015. This is reflected particularly in the financial services industry, with security concerns being the most significant barrier holding back cloud adoption. Confidentiality of the data and control of the data are ranked as the top two concerns by financial institutions (Cloud Adoptions Practices & Priorities Survey Report, 2015). Given the numerous benefits cloud computing provides to the business, how could concerns of cloud security be addressed to help maximise cloud adoption and potential?
The main security issue companies fear is the loss of control of their data. Cloud providers all provide high levels of data security with data encryption at rest and in transit, however, it is usually the cloud provider who also controls the encryption keys and therefore access to the content. For many companies, particularly those in regulated industries and certainly where highly sensitive information is present, not having full control of the security and access, i.e. the encryption keys is a deal-breaker for using the cloud.
As data security is a crucial element, the next question is data responsibility. Who is responsible for the data? According to a Thales/Ponemon report, 44% of cloud users think the cloud provider is responsible for protecting confidential data in the cloud while 30% believe it is the cloud consumer’s responsibility. There are also differences among countries as to who is responsible. Nearly 70% of French companies are more likely to hold the cloud provider responsible for data protection activities as compared to Japan where 48 % of companies hold the cloud consumer primarily responsible for data protection.
One potential solution for companies who would like to increase cloud adoption but are inhibited by security concerns is to adopt a third-party security service model, one where the security vendor provides the security around the information in a complementary way to what the cloud provider offers. This model, allows the customers to control security and access to protect their data in the cloud. By separating the security from the cloud infrastructure organisations could eliminate any conflicts of interest between storage and control of information while retaining full responsibility of the data for themselves. Moreover, in doing so the logical control of a company’s information can be managed more effectively to meet the ever-increasing regulatory requirements, such as around data sovereignty.
APrivacy can act as a third-party security service with its data-centric security technology. Each piece of information is encrypted, at the data level, in a way that only the owner has access to the encryption keys. No one, including APrivacy itself, has access to these data. This process ensures that the files, whether in transmission or storage, are always secured, therefore enabling companies to leverage the cloud while still being the only ones in control of their own information.
Digital Security Perfected – APrivacy Ltd. is an award-winning company which combines military-grade data security with a seamless user experience on any platform, any device, anywhere. APrivacy Ltd.’s enabling technology now allows the financial services industry to confidently communicate with clients using their favourite channels leading to increased revenues and reduced costs while meeting the strictest regulatory requirements.