Why Cloud Security Is Everyone’s Business

Don’t let overhyped security concerns obscure your cloud vision.

As the move toward cloud gathers momentum, unwarranted fears about security are inhibiting the use of public cloud services by some organizations.

“Concerns about cloud service provider security have become counterproductive, and are distracting CIOs and CISOs from establishing the organizational, security and governance processes that prevent cloud security and compliance mistakes,” said Jay Heiser, research vice president at Gartner. “In fact, Gartner predicts that, through 2020, 95 percent of cloud security failures will be the customer’s fault.”

The naive belief that cloud providers are entirely responsible for their customers’ security means that many enterprises are failing to address how their employees use external applications, leaving them free to share huge amounts of often-inappropriate data with other employees, external parties and sometimes the entire Internet.

The cloud business model provides huge market incentives for cloud service providers to place a higher priority on security than is typical for end-user organizations.

Read related article: Focus on Three Areas of Cloud Security

Virtually all public cloud use is within services that are highly resistant to attack and, in the majority of circumstances, represent a more secure starting point than traditional in-house implementations. Only a very small percentage of the security incidents that have affected enterprises using the cloud have been due to vulnerabilities on the part of the provider.

“The cloud business model provides huge market incentives for cloud service providers to place a higher priority on security than is typical for end-user organizations,” explains  Heiser. “Cloud service providers can afford to hire experienced system and vulnerability managers, and their economies of scale make it practical to provide around-the-clock security monitoring and response.”

New Capabilities for Digital Product Management

How to manage products and services in new ways

Download eBook

Organizations should not, however, assume that using a cloud service means that whatever they do within that cloud will be secure. The characteristics of the parts of the cloud stack under customer control can make it easy for inexperienced users to adopt poor cloud practices, which can lead to widespread security or compliance failures.

Ultimately the responsibility lies with the organization to exert control over cloud. Secure and regulatory-compliant use of public clouds requires that enterprises implement and enforce clear policies on usage responsibility and cloud risk acceptance processes.

Organizations that don’t take a strategic approach to the secure use of cloud computing could find themselves in an unsecure, inflexible or uncompetitive situation.

Get Smarter

Follow #Gartner

Attend a Gartner event

Explore Gartner Conferences

Cool Vendors Enable Radical Rethinking After the Reset

The recent global pandemic has put the entire world in a vulnerable and fragile state. Ingenuity, not just financial muscle, will become a source of advantage, allowing cleverer firms to rapidly reinvent and renew their businesses to succeed. CIOs should leverage Cool Vendors to expand their opportunities and accelerate reinvention.

Read Free Gartner Research

Webinars

Get actionable advice in 60 minutes from the world's most respected experts. Keep pace with the latest issues that impact business.

Start Watching