cloud-security-and-compliance-e1468330434129Although almost everyone is in the cloud, many companies are still reluctant to migrate core applications offsite. Cloud security and compliance concerns in particular prevent many organizations from realizing the benefits of moving to the cloud. Managed services providers can assuage fears by explaining how secure the cloud is, but to win over the skeptics and do right by their customers, they need to go further.

 

Despite of the Growth of the Cloud, Security and Compliance Concerns Linger

According to the 2016 State of the Cloud Report, private cloud usage has increased from 63 percent to 77 percent in one year and hybrid cloud adoption has jumped from 58 percent to 71 percent. All told, 95 percent of companies are now using the cloud. However, 29 percent of companies still view security as a major concern — second only to “lack of resources/expertise.” Many companies that appear to be cloud enthusiasts on paper are still keeping mission critical IT onsite, in spite of the added cost and complexity.

 

Misunderstandings play a significant role here: businesses believe that data centers mix everyone’s data together, or that their data is safer in their own data center where they can “keep an eye on it.” But explaining how cloud security and compliance works doesn’t address the core lack of trust; there’s a deeper issue at work.

 

The Problem Isn’t a Lack of Cloud Security and Compliance Offerings

As the cloud has transformed from a source of cheap hosting to a business solution, most managed service providers learned the importance of emphasizing internal security. More hosting providers are advertising secure data center footprints, and internal controls. Regulatory compliance auditing by 3rd parties is more common, and SSAE16 SOC 1, ISO/IEC 27001 and other certifications are no longer rare.

 

On the other side, 3rd party cloud security and compliance providers have emerged to provide support for companies in the cloud. Cloud auditing, Compliance as a Service (CaaS) admins, and cyber security services like monitoring and network hardening are flourishing. You can buy pretty much any security service you want in the cloud. So what’s the problem?

 

Cloud Security and Compliance Needs to Become a Core Service

While cloud services are plentiful, complete IT solutions are rare. Companies can theoretically own and protect infrastructure onsite, creating a complete team that works together to keep data safe. However, to get cloud security and compliance, hosting and IT managed services together, companies might have to work with half a dozen vendors or more — particularly if they run a hybrid cloud hosting environment.

 

For a company that is already uneasy about giving up control of core infrastructure, trusting a single provider with your core data is hard enough. Trusting several to run and secure your system between them can be a deal breaker.

 

At Symmetry, we believe cloud security and compliance must be a standard part of IT managed services. We’re leading the way by providing comprehensive security and compliance support as well as enterprise cloud services. Instead of just being another vendor the customer has to learn to trust, we function as an extension of internal IT and a strategic partner. And because we know your systems inside and out, we can take care of it like it were our own.

About Scott Goolik - VP, Compliance and Security Services

Scott Goolik is VP of Compliance and Security Services at Symmetry. A recognized expert in the field of SAP security and compliance, Scott has over 20 years of expertise in SAP security and is a regular presenter at SAP industry tradeshows and ASUG events. His experience includes working for one of the Big Four accounting firms and developing auditing tools, including those for segregation of duties (SOD). Scott is also responsible for architecting the ControlPanelGRC® solution which provides audit automation and acceleration of security and control processes.