Why are businesses reluctant to use the public cloud? Concerns over security are a particularly crucial factor: For instance, businesses may worry that third parties could gain unauthorised access to sensitive corporate data. They may also feel unsure about legal issues or doubt whether a public cloud can be integrated into existing solutions.
Such concerns over security are justified: Passed in March 2018, the Cloud Act requires US Internet firms and IT service providers to grant the US authorities access to data even if it is not stored in the US. Bilateral agreements are due to be developed as a result of this law with the aim of enabling foreign authorities to submit their requests directly to corporations. An agreement to this end would leave the courts with no control in the event of an enquiry, which has led to criticism from data protectionists.
Database security therefore plays a very important role in this regard. According to Gartner, global revenue from database management solutions (DBMS) rose by over 18 percent to USD 46 billions last year. Over two thirds of this growth can be attributed to cloud databases. According to estimates by the market research company, three quarters of all databases will be on the public cloud by 2022. Just 5 percent of them will be relocated back to private data centres or a private cloud.
Now is a good time to take a closer look at database security on the Cloud. We spoke to Co-CEO of Trivadis, Gerald Klump, about this issue.
Sabine Hornberger: Gerry, as we Trivadians and good friends of Trivadis know you, how much can we trust database security on the Cloud?
Gerry: This is a complex issue as it is the nature of the data in question and its level of confidentiality that determines which information and applications can be processed on servers run by Cloud providers. Database security is therefore the most critical factor when deciding between a private cloud, public cloud or hybrid cloud. In principle, every network and every IT landscape in every organisation can be corrupted, nothing is immune to attack. The world’s leading Cloud providers, like Amazon, Google, IBM, Microsoft, Oracle, Salesforce and SAP, are aware that they are a preferred target for criminal hackers. However, they possess the financial, human and structural resources needed to take the best possible security precautions. These range from firewalls to data encryption, even when transporting data online. In addition to this, there are role-based access rules. Users are advised to good make use of such security services in order to avoid violating data protection regulations, like GDPR and compliance rules.
Do you see any downsides for companies to using a cloud solution?
In the DACH region, CEOs are responsible for IT compliance. So, complying with laws, standards and regulations is essential for all businesses, no matter how big they are. Breaches can be so expensive that, in the worst-case scenario, they may result in a company having to shut down. That is why outsourcing compliance with legal requirements to a provider is a practical solution as it removes any need to worry about such issues, enabling a business to concentrate on its core business of attracting and retaining customers.
However, liability ultimately always lies with the responsible party within the company. Nevertheless, the CEO is able to delegate the practical precautions required by law to a third party (in this case a service provider) and indemnify himself through proper IT contracts. To identify which specific aspects should be taken into account, consulting an expert in the field of managed services is advised.
At this point, I would like to quote Marko Vogel, a cyber security partner at KPMG: “If you want to accelerate your digital business by using a public cloud you also need a good set of brakes. A stable security concept with flexible protection for cloud services forms the basis for confidence in using the cloud.”
And what advantages are worth highlighting for businesses when using a cloud solution?
Cloud computing means more than just being able to access quickly scalable processing power. Using cloud solutions also means accelerating the digitalisation of internal processes and thereby developing new business models with close market proximity. Cloud computing has evolved into a core technology for digitalisation. The challenges of the Covid-19 crisis have shed particular light on the strengths of cloud computing. Furthermore, cloud computing makes it easier to provide mobile access to IT resources. An increase in data security and a 25% or so reduction in IT costs resulting from use of the public cloud have also been observed. Many businesses also use the public cloud specifically to gain access to new digital technology. Almost a quarter of these users use the public cloud for solutions related to the Internet of Things or Industry 4.0. A further 30 percent have plans to do the same. (Source: Cloud-Monitor 2020)
How are the areas of responsibility divided up when outsourcing?
Every business must be well equipped to deal with the hazards of outsourcing: These include issues like malware, data misuse, or password and account theft. To successfully overcome these risks, everyone involved has to take responsibility. Manufacturers and service providers are responsible for the security and reliability of their solutions. And users should be put in a position where they are able to navigate the digital age with confidence. Businesses need to be advised in a manner that enables them to choose the right product from the wide range of solutions on the market and opt for the more secure option in cases of doubt.
Can you sum up for our readers or perhaps give them a general guideline for their journey into the Cloud?
Integrating cloud services is a complicated undertaking but one that definitely pays off. To be able to tap into the full potential of cloud services, such as their ability to improve the efficiency of business processes, increase IT security, improve availability and facilitate cost planning for IT resources, you need to take a careful, structured approach to integrating the individual services – from planning to implementation. An external specialist can be a great source of support. Here at Trivadis, we work with our customers’ IT departments to develop suitable, simple and quick-to-implement cloud solutions, which are particularly geared towards addressing the sensitive issues of IT governance and IT compliance for data.
Thank you for such an informative insight Gerry.