High-profile hacking incidents made headlines last year, costing companies billions and creating a customer relations crisis for organizations that were hit with a data breach. Among the most noteworthy hacks of 2017 were a major breach at Equifax, three billion compromised usernames and passwords at Yahoo, and the WannaCry ransomware attack, which affected more than 300,000 systems worldwide.
Experts expect 2018 to be another banner year for hackers. As data becomes increasingly valuable and more transactions are done in the cloud, hackers will work overtime to discover creative new ways to steal sensitive information. That’s why cloud service providers have a duty to provide best-in-class security for their customers in 2018, and company leaders should choose enterprise solutions carefully.
Cloud service providers: Establishing trust
Customers need to know they can trust their Software-as-a-Service (SaaS) solution, and cloud providers must meet this demand by using the best security measures available to safeguard customer data. Constant vigilance is required since new exploits are being developed, like the weaponization of artificial intelligence, attacks on vulnerable Internet of Things endpoints, and sophisticated ransomware.
Cloud service providers that take their responsibility to customers seriously are using techniques such as regular third-party security scans, advanced intrusion and exploit detection processes, and other standardized security features. But they’re also thinking beyond standard security practices and employing a “defense in depth” approach to keep data safe, i.e., lining up defensive mechanisms so that if one fails, another is automatically put in place to counter the attack.
To apply “defense in depth” principles, experts recommend multiple layers of protection for a system that handles customer data. Rather than focusing on protecting a single aspect of a system, cloud service providers that deploy a “defense in depth” strategy secure hardware, software, and even processes. An end-to-end approach is ideal to address hacking threats that are coming from every direction.
Customers: Looking for trustworthy providers
In a high-threat environment, not only do cloud service providers have an obligation to offer robust security to customers, customers have a duty to evaluate SaaS solutions carefully and make sure the most up-to-date measures are in place to protect sensitive data. So, what should companies look for in SaaS security? And, which specific measures are critical to address today’s threats?
On a cloud platform, multiple authentication options are a must, including authorization protocols like Security Assertion Markup Language (SAML), which is a way for company administrators to control authentication without the cloud service provider having to store user passwords. Access control options are a must as well, so that company administrators can maintain separation of duties.
When evaluating cloud service options, customers should also make sure the provider runs consistent third-party penetration tests and shows evidence of compliance with stringent standards, such as International Organization for Standardization (ISO) or Service Organization Controls (SOC) certifications. These certifications indicate that the provider has passed an independent audit.
An emerging security solution, Anaplan Bring Your Own Key (BYOK), may be ideal for organizations who require the highest levels of compliance and security. BYOK gives companies the option to manage their own encryption keys, allowing them to encrypt and decrypt workspaces and maintain sole access to their most sensitive data in the cloud. This solution also gives companies the ability to obtain audit logs of encryption activity.
Facing the future with confidence
Today’s heightened threat level imposes responsibilities on both sides of the equation: Cloud service providers must continually evaluate their security posture and ensure it offers rigorous protection to customers. And leaders who are charged with protecting their organization’s data, assets, and customers must choose the solution that best meets their unique security needs.
The hacking threat isn’t going away anytime soon — if ever. But with the right approach, cloud service providers can deliver a platform experience that meets customer privacy and security requirements. And with knowledge of the latest security trends and innovations, leaders who are responsible for keeping their company’s data safe can face the future with confidence.