Mitigate Cloud Security Risks with 4 Simple Solutions

Venkatesh Jakka (VJ), Assistant Vice President, Office of the CTO writes about ways to mitigate cloud security risks.

By 2025, 50% of the world’s data will be stored in the cloud and analysts predict the total global data storage will exceed 200 zettabytes – that’s two trillion gigabytes!

Cloud computing provides instant Internet access to a variety of IT services, such as servers, data storage, network, applications, operating system software and other infrastructure. Most companies use a variety of cloud options: 
Public: As the name suggests, public clouds are accessible via the public internet. Amazon Web Services and Google Cloud are good examples. 

  • Private: In this cloud environment, all cloud infrastructure and computing resources can be accessed by one customer
  • Hybrid: A combination of public and private clouds
  • Community: Multiple organizations can share cloud resources and services
Public clouds have tons of cloud native services, or serverless computing. These are easy to consume without spinning up servers and storage and are priced in a “pay as you go” scale. Private, community and hybrid clouds lack cloud native services. 

A public cloud is comparable to shopping on Amazon. There is a wide array of products, an easy user and buying experience. The community cloud is more like a small-town grocery store, while private and hybrid clouds are similar to an invitation-only “company store.”

The small, intimate nature of the public and hybrid clouds are great for security in the sense it is private workload and theoretically isolated from other people’s hosting. However, one gives up the access and ease associated with the public cloud. 

With so much sensitive information being stored and shared across public clouds, it’s no surprise that the primary concern is security. 

Cloud Computing Security Solutions

Best practices to mitigate these security risks in the cloud include a combination of clearly defined responsibilities, enhanced visibility, and proactive strategies. These practices provide the best protection when used simultaneously.
  1. Define data ownership responsibilities. Outline data ownership between the cloud provider and the company. Vendor relationship is key. It is common for cloud providers to be responsible for the cloud infrastructure security, with the company responsible for the data in the cloud. This may mean you invest in a technical account manager, or TAM, to provide support direct from the vendor to the company. Without vendor help, clouds are not easily used.
  2. Invest in a cloud team and toolkit. Invest upfront in good governance, security, configuration tools, and set up. It will save money in the long run. Similarly, hire good cloud-literate engineers and retrain key staff to use the cloud.
  3. Collaborate and communicate. Cloud computing doesn’t exist in a bubble. Multiple divisions in a company are involved in the success of cloud integrations, including IT, compliance, operations and security. Ensure all teams are working together in the adoption and alignment of the cloud.
  4. Protect data. The risk of a malware attack or data leak have one thing in common: human error. In fact, 85% of data breaches are due to human error, with 43% of employees making a mistake that compromised online security. The best protection is to train staff thoroughly, conduct regular audits and assessments, employ a multi-factor authentication system, and encrypt data at all times.
Cloud computing is a critical component of business in the modern age. With strategic security solutions in place, the cloud can be a significant source of innovation and opportunity for small companies and large corporations.
About the author
Venkatesh Jakka headshot

Venkatesh Jakka (VJ)

Assistant Vice President, Office of the CTO

As the AVP of Cloud Enablement Team, Venkatesh Jakka is responsible for overseeing governance, security, stability, reliability and FinOps for all public cloud programs at Unum. With over 15 years of experience in the IT Industry, including eight years in cloud engineering and operations, VJ has a deep understanding of how to build and manage cloud infrastructure that is secure, scalable and cost-effective.

VJ works closely with cross-functional teams to design and implement cloud governance policies that ensure compliance with the insurance industry standards and best practices. Additionally, he also oversees monitoring, automation and disaster recovery planning for all applications hosted in Unum’s public cloud. 

VJ has a bachelor’s degree in computer science, holds several technical certifications and is passionate about leveraging cloud technology to drive innovation and growth.

About Unum Group

Unum Group (NYSE: UNM), an international provider of workplace benefits and services, has been helping workers and their families for 175 years. Through its Unum and Colonial Life brands, the company offers disability, life, accident, critical illness, dental, vision and stop-loss insurance; leave and absence management support and behavioral health services. In 2022, Unum reported revenues of about $12 billion and paid $8 billion in benefits. The Fortune 500 company is one of the 2023 World’s Most Ethical Companies, recognized by Ethisphere®.  

 

Visit the Unum newsroom for more information, and connect with us on LinkedInFacebook, and Instagram.