Get in touch

Cloud security: what's myth and what's truth

According to research conducted by IDC, 2022 will be marked by the continuation of cyberattacks, especially ransomware attacks. In 2021, global data shows that 38% of companies suffered some type of ransomware attack.
Cybersecurity 6 min read By: Skyone

According to research conducted by IDC, 2022 will be marked by the continuation of cyberattacks, especially in the form of ransomware . In 2021, global data shows that 38% of companies suffered some type of ransomware attack.

In this context where data security becomes an even more critical concern for companies, cloud migration emerges as one of the possible solutions to be considered as a way to mitigate these risks .

Information security has always been a sensitive issue, and some myths have been created regarding responsibilities for ensuring the security of data and services hosted in the cloud.

Read to the end and get your questions about cloud security answered!

See also:

How to invest in security in cloud computing

Myth: On-premise infrastructures are more secure than cloud-based infrastructures

On-premise structures are those characterized by the physical format of data storage, a situation in which the information is located on servers within the company. 

Because they are local and structured, on-premises failures and risks are commonly caused by inappropriate behavior from users or administrators of the solutions, as well as by a lack of redundancy and slower backups. 

On the other hand, companies that have IT partners specializing in cloud computing benefit from a team fully dedicated to preventing attacks and continuously monitoring for potential threats , working to develop extra layers of protection and review processes and methodologies to ensure the security of their clients.

Furthermore, regarding cloud security, research published by Gartner on February 4, 2021, indicated that:

“Cloud computing offers the scalability and accessibility needed to host security services that can reliably and conveniently support a global cybersecurity mesh. Offering technology as a service means the vendor is responsible for routine maintenance and updates. The corporate cybersecurity team can focus on policy maintenance, while letting the vendor worry about the plumbing. Gartner research indicates that 80% of organizations expect to use security as a service by 2023.”

Note that the investment was very large to achieve a structure with so many resources. This was important to solidify the idea that the cloud is indeed a secure environment. Proof of this is the number of companies that have already migrated and others that have emerged from using cloud computing infrastructure.

Learn more about data security and LGPD by listening to episode #5 of Sky.Cast , the Sky.One podcast!

Data security and LGPD (Brazilian General Data Protection Law)

Myth: Security is the responsibility of the cloud provider

Perhaps due to the large infrastructure and suite of information security services offered by cloud computing providers, many clients have come to believe that the responsibility for implementing and maintaining security lies with the service provider, which is a major misconception.

Security is a shared responsibility for everyone. The service provider offers all the necessary infrastructure, but understanding the needs and how the technology should be used is the responsibility of the clients.

It's important to highlight that the application of security policies and processes can completely impact operations. For example, simply restricting access to ports that provide communication with the outside world is enough. This type of information is part of the technology architecture used by the client.

Another misconception about cloud security is related to the maintenance and training of the personnel involved . Again, the responsibility lies with the clients. The provider can and does offer the necessary support to ensure the proper use of resources, but in the vast majority of cases this is offered as a service that will be charged for.

Myth: Client's architecture is certified and compliant with standards

Another misinterpretation on the part of customers. There are two distinct scenarios: one is for the cloud service provider to have its infrastructure certified and in accordance with the main compliance standards; and another is for the customer to have its own architecture with the same controls and responsibilities.

Of course, migrating operations to an environment that complies with the main market security standards and regulations already helps ensure the client's architecture is secure, but depending on the area of ​​operation, specific certifications or standards may need to be applied specifically to the client's architecture. The provider offers support to meet security requirements, but the responsibility lies with the client.

How can you tell if your business data is secure?

According to the Cloud Security Report , published in 2021, 64% of companies cite data breaches as one of their biggest cloud security concerns.

Even if a good provider takes all necessary precautions to ensure cloud security, it's impossible to say that problems won't occur at some point.

This happens not only in relation to the cloud. We've already seen news reports of hackers coordinating a ransomware cyberattack that affected nearly 100 countries and managed to hijack data from giant companies. Therefore, nothing is completely foolproof.

The fact is that you can't prevent all threats, but you can monitor them. And the first step is to use automated control systems that quickly detect irregular data patterns and signal that an intrusion is taking place.

When this notification occurs simultaneously, the company can respond quickly and efficiently to the incident to stop the attack and minimize damage.

Cloud-based systems also typically include environmental protection through firewalls and security groups, strong password enforcement mechanisms, constant application of security updates to the operating system, and isolation of the ERP environment from the most common attack vectors, among other measures.

How can I ensure a secure cloud migration? 

It's important to highlight that the migration process requires more than simply uploading an app to the cloud and changing the storage method. 

We know that without the right tools and procedures, cloud applications can malfunction, both technically and financially. That's why it's essential to have the help of cloud security experts. 

At Sky.One, we offer unlimited partner support through web-based service orders or by phone. Our coverage model is 24/7, ensuring that our technical support team responds to incidents according to their criticality level and SLAs. Learn more !

Tips for software developers 

 

 

Skyone
Written by Skyone

Related articles

CYBERSECURITY

Secure VPN in practice: protocols, risks, and real-world protection

14 min read
CYBERSECURITY

VPN and remote work: the line of defense against modern attacks

13 min read
CYBERSECURITY

Cyberattacks that every company should know about and avoid

11 min read

Start transforming your company

Test the platform or schedule a conversation with our experts to understand how Skyone can accelerate your digital strategy.

Subscribe to our newsletter

Stay up to date with Skyone content

Speak to sales

Have a question? Talk to a specialist and get all your questions about the platform answered.