Skip to main

You Rushed to the Cloud—Now It’s Time to Assess and Address Cloud Security

Download Brochure
Unisys Brochure

Short on time? Here's an overview:

Doing things right is more important than ever since working from home has caused a surge in security breaches; more than half of legal and compliance leaders said that since COVID-19, cybersecurity and data breaches are their most-increased third-party risks; and up to 80% of CIOs and CISOs experienced a breach originating from a third-party vendor in the past year. Here are a few tips on how you can do things right starting today—before you run into real trouble.

The pandemic prompted a rush to the cloud. Fast action was critical given the rapidly expanded work-from-home requirements and the need for touchless procurement, sales and service.

These efforts better-positioned businesses for the present and the future. A 2020 IDG study indicates that 59% of tech buyers planned to be mostly or all in the cloud within 18 months. If you're not in the cloud, you will be left behind in the race toward agility and innovation.

Now the initial rush has passed, and the dust is settling down. It's time to assess and address the compliance, cybersecurity, data privacy and risk implications of your cloud deployment. Cloud security and compliance continue to be the biggest pain points for cloud customers.

If you think it's too late for that, think again. It's never too late to do things right.

Doing things right is more important than ever since working from home has caused a surge in security breaches; more than half of legal and compliance leaders said that since COVID-19, cybersecurity and data breaches are their most-increased third-party risks; and up to 80% of CIOs and CISOs experienced a breach originating from a third-party vendor in the past year.

Here are a few tips on how you can do things right starting today—before you run into real trouble.

Embrace Security and Compliance and the Shared Responsibility Model for the Cloud

Choosing the right compliance framework is critical. HIPPA exists to protect Personal Health Information (PHI). The Payment Card Industry (PCI) standard protects credit card processing data. These are just a couple of examples of compliance regulations.

Your organization might be compliant, but that doesn't mean it's secure—and vice versa. So, in addition to your compliance framework, it's important to establish a security framework. Pick the right security framework for your organization. The security framework will provide a set of measures (controls) for people, process and technology governance. Example control frameworks areFedRAMPFISMAISO and NIST-CSF.

As part of your security framework, understand and adopt the shared responsibility model. This will define the boundaries of what your cloud service provider(s) will handle and what you need to manage. The importance of adopting the shared responsibility model cannot be understated because your cloud hosting provider is not on the hook for compliance or security—you are. Adopt DevSecOps practices to ensure secure and compliant deployments.