Cloud technology is currently in a period of “hyper growth,” which also raises questions and concerns about cybersecurity.
“The reason it’s in a period of hyper-growth and companies in particular and individuals as well are only thinking of cloud-first, cloud-only is because of its benefits,” said Kevin Fumai, managing counsel at Oracle, which offers a number of cloud applications, platform services and engineered systems. “It is driving technology. It is driving innovation. It is creating new markets and transforming existing ones.”
In addition to these benefits, Fumai said that “the revenue and economic effects are palpable.”
The worldwide cloud computing market grew 28% to $110 billion in revenues in 2015, according to Synergy Research Group.
A Gartner, Inc. report projected in early 2016 that the worldwide public cloud services market would grow 16.5% in 2016 to total $204 billion, up from $175 billion in 2015.
“Cloud is truly on an upward trajectory,” Fumai said, said during a panel discussion on Wednesday at the ALM cyberSecure conference in New York.
The problem with this rapid growth is that it’s hard for security measures to keep up, according to Jason Boswell, director of security practice at Ericsson. Ericsson delivers information and communications technology solutions, which includes cloud services. Nearly 40% of the world’s mobile traffic is carried over Ericsson networks.
“It’s difficult to articulate security policies when the traditional way that we have constructed them doesn’t quite work anymore,” Boswell said. Adding, “One of the biggest risks that we see is the lack of transformation of policy keeping up with the pace of change of moving to the cloud.”
Customers are not adapting their security policies as fast as they are migrating their data systems, according to Boswell. And, he added, the cloud movement is moving “faster than we even anticipated two years ago.”
Jason Taule’s advice to the crowd gathered at ALM cyberSecure was a company should treat its cloud provider in the same way it would its IT department.
“That conversation isn’t any different simply because you decide to put it in a cloud,” Taule said.
Taule is the chief security officer and chief privacy officer at FEI Systems, which is an information technology, services and analysis organization that specializes in healthcare solutions for federal, state, and local governments.
“The problem is you can’t automatically presume that that cloud provider is going to give you everything,” Taule added. “I would tell you most cloud providers are willing to give you as much as you want, as much as you perceive to have value and are willing to pay for it. But, you have to have that conversation.”
Taule also suggested having “ongoing continuous oversight” to make sure the security controls remain up to date.
“Keep in mind, you do not absolve yourself of liability and responsibility simply because you’re giving somebody else the day to day responsibility of delivering on that,” Taule said.
—Related on ThinkAdvsior: