If you are a CFO who is suspicious of storing important data in the cloud, you are not alone.
A study by Ernst and Young (EY) found that 56% of CFOs are concerned with managing data security and privacy in corporate reporting, with CFOs in India (68%), China (65%) and the US (63%) expressing the most concern. The EY survey also found that 49% of global respondents say concerns over security and compliance risks of the cloud are seen as a major barrier to technology transformation.
Breaches in cybersecurity from large companies like Equifax, Uber, Target and Amazon have only heightened the paranoia for CFOs being pushed to do more with data in “the cloud.”
And there is many reasons for CFOs to be concerned. A report from the Cloud Security Alliance (CSA), an organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, issues a report on “The Treacherous 12,” the top threats to cloud computing.
Making CSA’s list of top security threats were:
1. Data Breaches
2. Weak Identity, Credential and Access Management
3. Insecure APIs
4. System and Application Vulnerabilities
5. Account Hijacking
6. Malicious Insiders
7. Advanced Persistent Threats (APTs)
8. Data Loss
9. Insufficient Due Diligence
10. Abuse and Nefarious Use of Cloud Services
11. Denial of Service
12. Shared Technology Vulnerabilities
However, despite these security challenges, adopting the cloud as part of organizations’ IT strategies may be unavoidable. A survey by McAfee of IT professionals 2017 found that cloud services are now a regular component of IT operations, and are utilized by more than 90% of organizations around the world.
Even as CFOs continue to harbor reasonable concerns about security of data in the cloud, continued handwringing is not a solution. Instead, it’s important for CFOs to embrace cloud technology, and to work with their IT departments to make sure their data will be secure in the cloud. It starts with doing due diligence on the integrity of cloud service providers (CSPs). A key step in that process would be confirming that the chosen CSP(s) have appropriate security measures in place and their data centers meet certain requirements, including SSAE16 and ISO certifications, which are designed to assure that minimum levels of security, availability, safety, and reliability are in place.
The tech website Hacker Noon offers these additional security tips that CFOs can have their IT departments employ as additional security measures:
1. Backup Data Locally
2. Avoid Storing Sensitive Information
3. Use Cloud Services that Encrypt Data
4. Encrypt Your Data
5. Install Anti-Virus Software
6. Make Passwords Stronger
7. Test the Security Measures in Place in the Cloud
Once CFOs can get comfortable with managing the security challenges of the cloud, they will have to turn their focus to an even greater issue: data consolidation. This is rising concern among CFOs as they try to manage data coming from a growing number of date sources. A study by Adaptive found that almost four in 10 CFOs (39%) said the number of data sources (39%) they have to manage presents a challenge for CFOs in attaining a “single source of truth” in the cloud. As more data becomes available, CFOs will need to develop means to effectively gather data from multiple sources and consolidate and validate that data into a single data set that provides a single source of truth. Addressing that challenge may make cloud security seem simple.