Cybersecurity in the Cloud: Safer Than You Think

1. Cybersecurity in the Cloud: Safer Than You Think

2. The explosion of cloud computing has connected more people than anyone ever imagined... But the massive number of companies migrating to the cloud has ampliﬁed the urgency of data security and regulatory compliance.

3. Cloud Migration Is Relentless It turns out that 96% of today’s enterprises are using at least one public or private cloud, according to RightScale’s 2018 State of the Cloud Report. Forrester’s experts predict that public cloud expenditures will grow from $146 billion in 2017 to $236 billion in 2020. Approximately 80% of tech company professionals are using cloud-based apps, according to Citrix. At companies with ﬂexible workplaces, 57% of professionals are working in the cloud.

4. Don’t Get Snagged on the Insecurity Myth The skeptics get snagged on lingering assumptions that cloud technology is insecure. Perhaps the trust gap is perpetuated by the numerous data breach horror stories that litter the Web. But don’t let the cyber smash and grab headlines stop you from giving cloud the beneﬁt of the doubt. “You have to institutionalize security as part of your business model.” - Omesh Agam, Chief Information Security Ofﬁcer at Appian.

5. Raising the Bar on Security Standards “We have a myriad of compliance certiﬁcations that we have to maintain to provide a base level of assurance to customers, as well to ourselves, that we're operating in accordance with the highest security standards.” - Omesh Agam

6. Cyber Attacks Spreading Like Wildﬁre Anywhere from 300,000 to a million viruses and other malicious software products are created by hackers every day. This includes the usual suspects—DDoS attacks, data breaches, ransom demands, and theft of proprietary information. And that’s just the tip of the iceberg. From a business standpoint, cybercrime drains a staggering $600 billion a year from the global economy, according to the Center for Strategic & International Studies. !

7. Cloud Is Safer than Many Legacy Systems Gartner predicts that worldwide security spending will reach $96 billion in 2018, up 8% from 2017. CNBC recently reported that cybercrime is the fastest-growing crime in the U.S. In 2018, the 60% of enterprises that implement the right cloud security tools will experience one-third fewer security failures. Through 2020, public cloud Infrastructure as a Service workloads will suffer at least 60% fewer security incidents than those in traditional data centers. Through 2022, at least 95% of cloud security failures will be the customer’s fault. HACKED

8. The Security Risk Is Marvin in Marketing, not the Cloud Human error is the main cause of security breaches. Yep, it’s usually just Marvin in marketing, who unknowingly downloads a malicious ﬁle and exposes your organization to cyber attacks. On average, employees receive less than two hours of security training per year, according to the FPA study. 48% of enterprises don’t have an employee security awareness program, according to Forbes.

9. Compliance in the Cloud On the compliance side, the best cloud services cover all of the major security domains and controls, including: Association of International Certiﬁed Professional Accountants (AICPA) cybersecurity risk management reporting framework Payment Card Industry Data Security Standard (PCI DSS), which is an international framework for data security standards Health Insurance Portability and Accountability Act of 1996 (HIPAA), which is US law that provides data privacy andsecurity provisions for safeguarding medical information.

10. Sharing the Control Stack Without the enormous security intelligence capability of a cloud platform, detecting suspicious patterns in massive amounts of operational data would be like mission impossible for most enterprises. Managed cloud services makes it easier to keep up with security upgrades and scale up operations at speeds not possible before. “Now, that doesn’t mean you can forget about compliance in business and security requirements.” - Omesh Agam, Appian “It means moving towards a shared controls framework. And what that means is that you’re now sharing the control stack with someone else.”

11. Continuous Multi-layer Monitoring At Appian, we have continuous monitoring of multiple layers with our infrastructure providers at their physical hardware level, their data centers, servers, and platform level as well. “You don’t get to ignore basic logging and monitoring hygiene just because you’re using a SAAS provider.” More than 85% of enterprise IT organizations will commit to multi-cloud architecture by 2018, according to IDC. About 75% of developer teams will include cognitive/artiﬁcial intelligence functionality in cloud applications. And most of these will be sourced from the cloud.

12. Are You Ready for General Data Protection Regulation? With the implementation of GDPR, companies will have to report data breaches to regulators—and inform customers—within 72 hours. And the cost of non-compliance? In a word, steep. Violators could get hit with a €20 million euro ﬁne, or forfeit up to 4% of their global revenues, whichever is greater. GDPR hasn’t stopped digital leaders from migrating to the cloud. To put things in perspective, public cloud spending will grow at nearly seven times the rate of overall IT spending, according to IDC. By 2020, public cloud spending will reach $203.4 billion worldwide, from an estimated $122.5 billion in 2017. €

13. Experts: Public Cloud to Continue Trending Up So, if you’re thinking about stepping up to cloud adoption, but you’re worried about data security in your enterprise operations, what should you do? Take stock of your most critical internal assets, and understand how data ﬂows both inside and outside your organization. Number one, from your own internal organization, you should take stock of your most critical assets, and understand how data ﬂows inside and outside your organization.

14. Know Security Requirements for Your Data It's essential to know your data security requirements, because that'll let you have a more open and honest conversation with your cloud vendor’s security ofﬁcer about your compliance and regulatory requirements.

15. Security Review Not Just Cloud Vendor’s Job It’s a continuous process that’s continuously evolving. You should constantly maintain it, which means conducting security reviews on a regular basis. Conduct audits by reading your vendors audit reports, their SOC reports, their PCI reports. The essential lesson: Take a policy-based approach to controlling what people can and can’t do with your business-critical data, across your organization.

16. facebook.com/AppianCorporation linkedin.com/appian-Corporation appian.com/appian-cloud-trust instagram.com/appiancorp youtube.com/appian twitter.com/appianLEARN MORE