March 07, 2017
Max Solonski
While those of us in information security fully appreciate that a mature cloud company might offer a better means of safeguarding data than internal IT teams, some people tend to react with alarm when they learn their organization’s vital information will be in the hands of a third party service provider.
This concern is understandable. The safety, security, and immediate availability of business and financial data are a competitive necessity for any company. If hackers access proprietary information on a new product or planned market expansion strategy, or if thousands of customer credit cards are stolen, the regulatory and reputational repercussions can be severe and can jeopardize the ongoing viability of the business.
As these worries compound, information security becomes a strategic concern. But here’s the point—although the risk of a data breach will never be completely eliminated, your data is better off in the off-premises cloud, where the threats can be minimized to the point of acceptance. This growing realization has prompted an about-face among IT professionals, who now perceive cloud-based information security as not just better and less expensive than on-premise data security, but also as a competitive advantage.
How can this be?
For one thing, the cloud liberates its subscribers’ information security personnel from having to handle routine security operations and control-management tasks, all of which can be very time-consuming. They can now provide real value-added services by applying their skills to their companies’ deployments of newer technologies and the security issues they can raise. New technologies can be anything from predictive analytics and artificial intelligence to robotic process automation and the Internet of Things. Rather than fret over the data security of on-premise systems, staff can focus on newer types of security issues.
Another reason is that most cloud-based service providers fully understand that in the event of a major data breach, the organization’s ongoing viability could be at stake. Consequently, it’s an absolute must for cloud providers to secure their customers’ data. The goal is always to stay one step ahead of the newest security threat and be prepared when and if it strikes.
People, Monitoring And Governance
While there will always be smaller cloud providers that struggle to maintain sufficient resources to achieve such high-level security, most mature cloud providers employ outstanding info security personnel. Many of them have built leading edge info security processes and tools. These run the gamut from identity-based management systems and data encryption to strict governance and proactive management structures.
Cloud providers also monitor their infrastructures for security threats on a continuous 24/7/365 basis. Unlike many businesses that entrust data security to the operations personnel in their IT departments, cloud providers have dedicated security people whose job is to focus exclusively on and centrally manage today’s ever-changing risks and threats.
Security is also better because cloud providers, in order to have effective and efficient security governance, tend to adhere to major industry frameworks, such as International Organization for Standardization (ISO) standards like ISO 27001. And cloud services typically are audited annually (at a minimum), which is not always the case with on-premise technology.
Add it all up, and it is not surprising that 64 percent of mid-size and larger businesses now consider a cloud infrastructure to be a more secure alternative to on-premise legacy systems, according to a 2016 survey of IT professionals by B2B research firm Clutch. More than one in five (21 percent) of the respondents touted security as the primary benefit of a cloud infrastructure. Affirming these findings is another recent survey by Bitglass, a cloud security gateway provider. 52 percent of the more than 2,200 cyber security professionals surveyed cited cloud-based applications as more secure than on-premise applications.
The bottom line is that if you select the right cloud service provider, your data is likely more secure than if this information resided in an on-premise system.
BlackLine’s Security
At BlackLine, we take data security very seriously. Our customers can afford data theft or downtime; we can’t. Our job is to prevent these from ever happening.
Consequently, we’ve designed, built and implemented a unique private cloud infrastructure that securely maintains our customers’ data. Our information security management program has earned internationally recognized ISO/IEC 27001:2013 certification and we regularly pass internal and industry-standard external audits. We make regular and efficient use of modern risk assessment techniques and security management tools, and are constantly evaluating the threat landscape and adjusting our information security on a timely basis.
Our production equipment is located in major data center facilities across the world with 24-hour physical security, keycard and biometric authentication, interior and exterior surveillance, and advanced fire suppression systems. The IT infrastructure itself is protected by layers of controls, from industry-standard firewalls, network, and host-based intrusion detection systems, to behavioral analytics tools and other technologies sourced from leading information security vendors. We also operate purpose-specific internally developed security tools.
According to the Clutch survey, more than 90 percent of U.S. businesses are now using cloud infrastructure. They’ve recognized the competitive advantages of the cloud and are assured their sensitive and proprietary data is safe.
While those of us in information security fully appreciate that a mature cloud company might offer a better means of safeguarding data than internal IT teams, some people tend to react with alarm when they learn their organization’s vital information will be in the hands of a third party service provider.
This concern is understandable. The safety, security, and immediate availability of business and financial data are a competitive necessity for any company. If hackers access proprietary information on a new product or planned market expansion strategy, or if thousands of customer credit cards are stolen, the regulatory and reputational repercussions can be severe and can jeopardize the ongoing viability of the business.
As these worries compound, information security becomes a strategic concern. But here’s the point—although the risk of a data breach will never be completely eliminated, your data is better off in the off-premises cloud, where the threats can be minimized to the point of acceptance. This growing realization has prompted an about-face among IT professionals, who now perceive cloud-based information security as not just better and less expensive than on-premise data security, but also as a competitive advantage.
How can this be?
For one thing, the cloud liberates its subscribers’ information security personnel from having to handle routine security operations and control-management tasks, all of which can be very time-consuming. They can now provide real value-added services by applying their skills to their companies’ deployments of newer technologies and the security issues they can raise. New technologies can be anything from predictive analytics and artificial intelligence to robotic process automation and the Internet of Things. Rather than fret over the data security of on-premise systems, staff can focus on newer types of security issues.
Another reason is that most cloud-based service providers fully understand that in the event of a major data breach, the organization’s ongoing viability could be at stake. Consequently, it’s an absolute must for cloud providers to secure their customers’ data. The goal is always to stay one step ahead of the newest security threat and be prepared when and if it strikes.
People, Monitoring And Governance
While there will always be smaller cloud providers that struggle to maintain sufficient resources to achieve such high-level security, most mature cloud providers employ outstanding info security personnel. Many of them have built leading edge info security processes and tools. These run the gamut from identity-based management systems and data encryption to strict governance and proactive management structures.
Cloud providers also monitor their infrastructures for security threats on a continuous 24/7/365 basis. Unlike many businesses that entrust data security to the operations personnel in their IT departments, cloud providers have dedicated security people whose job is to focus exclusively on and centrally manage today’s ever-changing risks and threats.
Security is also better because cloud providers, in order to have effective and efficient security governance, tend to adhere to major industry frameworks, such as International Organization for Standardization (ISO) standards like ISO 27001. And cloud services typically are audited annually (at a minimum), which is not always the case with on-premise technology.
Add it all up, and it is not surprising that 64 percent of mid-size and larger businesses now consider a cloud infrastructure to be a more secure alternative to on-premise legacy systems, according to a 2016 survey of IT professionals by B2B research firm Clutch. More than one in five (21 percent) of the respondents touted security as the primary benefit of a cloud infrastructure. Affirming these findings is another recent survey by Bitglass, a cloud security gateway provider. 52 percent of the more than 2,200 cyber security professionals surveyed cited cloud-based applications as more secure than on-premise applications.
The bottom line is that if you select the right cloud service provider, your data is likely more secure than if this information resided in an on-premise system.
BlackLine’s Security
At BlackLine, we take data security very seriously. Our customers can afford data theft or downtime; we can’t. Our job is to prevent these from ever happening.
Consequently, we’ve designed, built and implemented a unique private cloud infrastructure that securely maintains our customers’ data. Our information security management program has earned internationally recognized ISO/IEC 27001:2013 certification and we regularly pass internal and industry-standard external audits. We make regular and efficient use of modern risk assessment techniques and security management tools, and are constantly evaluating the threat landscape and adjusting our information security on a timely basis.
Our production equipment is located in major data center facilities across the world with 24-hour physical security, keycard and biometric authentication, interior and exterior surveillance, and advanced fire suppression systems. The IT infrastructure itself is protected by layers of controls, from industry-standard firewalls, network, and host-based intrusion detection systems, to behavioral analytics tools and other technologies sourced from leading information security vendors. We also operate purpose-specific internally developed security tools.
According to the Clutch survey, more than 90 percent of U.S. businesses are now using cloud infrastructure. They’ve recognized the competitive advantages of the cloud and are assured their sensitive and proprietary data is safe.
About the Author