In my previous post, I highlighted several challenges that make Cloud-based security a matter of constant vigilance. In this post, I’d like to offer some solutions that can help your organization meet these challenges and stay secure in the Cloud.

These security solutions make good business sense, because they help you function more effectively in today’s world. For example, they can help you:

  • Protect internal data: You want to give employees easy access to company information that makes them more productive. But you also need to protect any data that is accessible via the cloud. Virtual private networks, or VPNs, allow you to place your internal applications behind a firewall that is accessible only by authorized users. They can be very effective in protecting your organization’s data. But that protection is only as good as the sign-on procedures. Simple password-based systems do not provide adequate protection. More sophisticated systems that support a variety of authentication methods – such as two-factor authentication or biometrics – are more effective.
  • Protect customer and partner data: You’ve read about the famous and highly embarrassing cases of hackers capturing sensitive information such as customer-related data. These episodes can seriously damage your credibility with customers and business partners, and violate data privacy laws. But data loss prevention software can help ward off attacks by detecting any breaches of your Cloud-based system and preventing hackers from accessing critical data.
  • Deliver faster insights: More and more organizations are discovering the value of delivering real-time analytical insights via mobile devices. But a mobile business intelligence strategy requires a high level of security. Mobile Device Management (MDM) software helps ensure that all devices used by your team – including BYOD devices – are protected by data encryption and other configuration settings. In addition, it can ensure that any device may be immediately wiped clean in the event of loss or theft.
  • Provide role-based access: Different employees require different data access clearance. But how do you enforce role-based policies so that each employee gets the data he or she needs – while preventing unauthorized access to critical applications? Among the challenges to consider are:
  • Role changes: When an employee changes roles due to a promotion or other reason, they may need new permissions. In addition, they may need to have their previous permissions revoked
  • Temporary duties: When an employee fills in for a colleague or takes part in a special assignment such as year-end closing, they may acquire new access privileges that need to be revoked when that temporary assignment is finished. For example, a purchasing manager may need to step in for a colleague who is authorized to create new vendors within the system. That PA could now potentially create fictitious vendors and direct purchase orders to them, resulting in a security risk. To minimize such risks, your systems need to enable frequent compliance checks for all roles – especially those that involve access to critical business applications such as ERP.
  • Outgoing employees: When an employee leaves, he or she could retain access to the organization’s systems for months or even years to come. Your systems need to provide for immediate termination of privileges
  • Protect against malware: Malware can damage workflows and compromise productivity. So every Cloud-based environment should be equipped with software that continually detects and prevents malware attacks. Because malware continues to grow more sophisticated, prevention systems should be updated on a daily basis.

While these solutions may seem a bit technical, even non-tech executives should be aware of their existence – and their advantages. And if your Cloud provider does not offer most or all of them, you should ask them why.

Have You Read this Report?
If you haven’t yet read “Protecting the Cloud” by Oxford Economics, I highly recommend it as an excellent introduction to the most critical issues of Cloud security. To download a complimentary copy,

Axel Buelow, Interim CIO, SAP AG

With all its economic, technological, and strategic advantages, the Cloud is clearly here to stay. But that doesn’t mean it is fully formed. In the years ahead, the Cloud and its related technologies will continue to evolve. Among the developments I envision for the future are:

  • Increasing reliance: Over the next three to five years, a growing number of mobile workers will rely on Cloud services for all aspects of their daily lives. At the same time, enterprises will move more and more of their core business processes to the Cloud.
  • Hybrid model: The model for Cloud services will be a hybrid approach. That is, organizations will use public Cloud and other shared services in combination with “private” clouds that are isolated, restricted, and encrypted. This model will help ensure full access and proper security.
  • Data flows: To ensure that data is not exposed to the wrong people or devices, data flows will be controlled by data labeling and very granular permission models.

Staying Ahead of the Bad Guys
One of the most important prerequisites for the Cloud’s evolution will be security.

In our imperfect world, there will always be bad actors – from amateurs, to government-sponsored hackers, to cyberterrorist groups. And as long as there are, they will work tirelessly to defeat any security measures that are created by our best and brightest engineering minds. The temptation of so much Cloud-based data – which grows every day – is simply too great.

For the software industry, the only answer is to vigilantly protect our customers – one transaction at a time. Technologies such as in-memory computing, which allows real-time monitoring of transactions, help us stay one step ahead of the bad guys.

For example, let’s say someone’s credit card is stolen. An in-memory database can process both structured and unstructured data at unprecedented speeds. So in less than a second, a credit card company can comb through a cardholder’s entire history and identify that a transaction doesn’t fit the customer’s normal spending patterns. Then, they can place an immediate lock on the card.

What’s the Safest Place?
People sometimes ask me where I would store information that I considered to be very private – on a desktop, on a laptop, or in the Cloud. My answer is that I would choose any of these places as long as they had strong encryption.

In the future, the location of data will become less and less relevant, because data will be replicated between all your desktops, laptops, and mobile devices using Cloud storage as connection hub.

Data anywhere at any time will be a fundamental requirement. Therefore, we will need to continually isolate the data flows, and personalize them through encryption, tracking, and labeling.

Learn More
Data security should be everyone’s concern. So if you’d like to learn more, I recommend a new report by