Around our office there is a lot of talk about “hybrid Cloud” as we help our customers create strategies to safely migrate from on-premise to cloud storage and applications. A hybrid cloud strategy provides both flexibility and peace of mind, enabling organizations to ease into utilizing the Cloud at their pace. The actual challenge however is not finding the right balance between on-premise and the Cloud, but coping with the multitude of cloud options.
I would argue that the main issue facing organizations is not cloud security, but maintaining compliance with internal, industry, and government regulations. Cloud service providers have dedicated staff and resources to protect data from theft, loss and corruption. Their business depends on delivering and maintaining the trust of their customers. When it comes to security, the major Cloud players are likely as or more secure than most internal systems.
The bigger issue, and one that cloud providers have no influence over, is controlling what information is moved and to which Cloud(s). Whether it is different departments satisfying their own requirements or the consequence of shadow IT, the reality is that most organizations are facing a multi-cloud environment. With multiple clouds in play, ensuring that information is being shared in compliance with regulations becomes much more challenging.
TITUS Classification is the foundation for secure cloud adoption. When documents and files are identified and classified, they become much easier to control. At the most elementary level, a user that can see if a file is marked as “restricted” or “secret” may reconsider sharing information via non-corporate or consumer cloud shares. To help enforce proper behavior further, TITUS collaborates with Cloud Access Security Brokers (CASB) like Netskope and Skyhigh, to ensure that they can read the TITUS classification metadata, which is used to evaluate and enforce secure and compliant data sharing.
With multiple options also comes the potential for greater complexity and confusion. To speak of “the Cloud” is really to speak of “the Clouds”, and properly identifying your data is essential if you don’t want critical data to disappear into the vapor.