Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical Security

The 5 most important aspects of a comprehensive cloud security program

By Joey Stanford
cloud-and-tablet.jpg

Image via Pixabay

September 19, 2023

There are many benefits to utilizing the cloud for data storage and IT infrastructure, including reduced costs, faster deployment, ability to scale and continuous protection. However, there are also complexities and challenges that enterprises face when securing their cloud environments.  

Enterprise cloud security is a broad term that can include security policies, technologies, applications and controls that are used to protect sensitive enterprise and user data wherever it is exposed in public, private or hybrid cloud environments. These are all important factors because they enable organizations to balance productivity and security as they embrace digital transformation and cloud-based tools and services. 

The growing reliance on the cloud 

With inherent benefits that on-prem doesn’t offer, including flexibility, ability to scale and 24/7/365 support, and more importantly, a usage-based pricing model, the cloud has emerged as the backbone of many companies’ IT infrastructure. Cloud platforms also tend to be more secure, with the “Big 3” platforms employing high-quality IT and security talent. 

However, with the increasing reliance on the cloud, it has also become a prime target for bad actors with nefarious motives. In fact, a 2023 global cloud security study found that 39% of businesses experienced a cloud-based breach in 2022, rising 4% from 2021. The study also revealed there has been a large increase in sensitive data stored in the cloud. Of the nearly 3,000 IT professionals surveyed, 89% of respondents said that 40% of the data that their companies store is considered sensitive.  

Overcoming cloud security challenges

IT leaders must contend with a growing list of cloud security challenges with protecting data from authorized access, leakage and loss across different cloud platforms and devices as their top priorities. For companies relying on private clouds, detecting and responding to advanced threats and attacks that target their cloud infrastructure in applications in real-time is a 24/7/365 job which is why many businesses opt to outsource this function to service providers that use advanced technologies, including AI, to detect and thwart threats. 

Whether companies outsource their cloud security or manage it in-house, one of the more complex challenges facing organizations is, believe it or not, people. According to 55% of study respondents, the leading cause of cloud breaches is human error. Education and training is the best way to mitigate the potential for mistakes made by employees, 

A hybrid cloud approach can offer many benefits, but it also poses a challenge for organizations: how to comply with the diverse security standards and settings of different cloud providers. To overcome this challenge, organizations need to keep track of and manage their cloud usage and activity across users and applications.

In addition to addressing various standards and configurations, complying with regulatory and industry requirements for data privacy and security is of the utmost importance for a couple of reasons. First, because a lack of compliance can lead to legal action and steep fines should a breach occur, and second, a breach is bad for business and can tarnish a company’s brand.

While the U.S. doesn’t have a GDPR-like regulation (yet) the California Consumer Privacy Act (CCPA) comes close. The CCPA gives consumers more control over the personal information that businesses collect on them. It gives them a series of rights, such as knowing how this information is used and shared, and the right to delete their information once asked, among others.

The CCPA has “teeth” too. In August 2022, California Attorney General Rob Bonta announced the state had penalized Sephora $1.2 million and required them to comply with injunctive terms for tracking consumers through third parties — Sephora had failed to comply with the “right to know” and “right to opt-out” stipulations of the CCPA. 

To address these challenges among others, enterprises need to adopt a comprehensive and integrated approach to cloud security that covers all aspects of their cloud environment, including:

  • Identity and access management: ensuring that only authorized users and devices can access cloud resources and data
  • Data protection: encrypting, backing up, and restoring data in transit and at rest in the cloud
  • Threat prevention: blocking malicious traffic, malware, and ransomware from reaching or compromising cloud resources and data
  • Security monitoring: collecting and analyzing logs, events, and alerts from cloud resources and applications to detect and respond to anomalies and incidents
  • Compliance management: auditing and reporting on cloud security posture and compliance status against relevant standards and regulations

The cloud has nearly become ubiquitous in the 2023 business landscape and for good reason. With new advances in AI, it will become even more of a requirement for companies competing in the “AI economy.” The enormous amount of personal, financial and corporate data stored in the cloud should put IT leaders on high alert. Executing a comprehensive cloud security plan will help companies not only avoid fines and penalties but will help to mitigate the risk of a catastrophic data breach.

KEYWORDS: artificial intelligence (AI) CCPA cloud security data storage GDPR IT infrastructure

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Joey Stanford is VP of Privacy & Security, Platform.sh.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cyber Tactics Column
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Red laptop

Cybersecurity leaders discuss Oracle’s second recent hack

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • SEC0820-Edu-Feat-slide1_900px

    A Comprehensive Guide to Building a Pentest Program

    See More
  • cloud-and-tablet.jpg

    The 5 pillars of cloud security for data storage

    See More
  • school-safety-freepik1170x658v6.jpg

    11 steps to build the foundation of a school security and safety program

    See More

Events

View AllSubmit An Event
  • November 14, 2024

    Best Practices for Integrating AI Responsibly

    ON DEMAND: Discover how artificial intelligence is reshaping the business landscape. AI holds immense potential to revolutionize industries, but with it comes complex questions about its risks and rewards.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing