Episode Summary

iland Director of Cloud Market Intelligence Brian Knudtson is joined by guests John Grange, Arjan Timmerman, and Christopher Paskewich for a conversation about the concerns customers have with securing their data in the cloud. They discuss the nature of data security in the cloud, ways to improve it, how providers can alleviate ongoing concerns, and the security requirements customers should define before migration. Remember, it’s okay to be paranoid. 

Panel

Cloud Conversations

Topic 1

[03:40] Is data in the cloud inherently less secure or are there ways to actually improve security in the cloud?

Topic 2

[11:41] Relying on a third-party to protect your data at the lowest levels is a legit reason to have concern with moving data to the cloud. I suspect security will always be a top concern for customers moving to the cloud, but what are some things cloud providers can do to address or alleviate this concern more directly?

Topic 3

[18:39] What security requirements do you recommend customers define when considering cloud platforms?

Cloud Bites

[03:46] “I think the cloud is actually inherently more secure than the previous on premise data centers.” — John Grange 

[04:05] “The cloud itself is programmatic. It’s API-driven, which means I can automate it, I can automate and make consistent the fact that we’re zero trust from a network perspective and that we’ve got our security posture nailed down.” — John Grange 

[06:04] “An on premises data center is something that’s built by a couple of tech geeks, right? And they are really good at their jobs, but it’s, nine out of ten times, not as secure as the cloud will be or can be, but it all comes down to making sure that you have the right people doing the right stuff.” — Arjan Timmerman

[07:16] “Data security is really a shared responsibility. Both the cloud services provider and the customer who is utilizing those services have some certain levels of responsibility.” — Christopher Paskewich

[09:37] “I think security has become more of a fluid conversation these days, right? You’re not kind of setting and forgetting things like you may have thought so in the past as you build out a data center.” — Christopher Paskewich

[13:27] “I think it all starts with, how am I going to make a secure environment for everybody, firstly internally, but then from the outside as well?” — Arjan Timmerman

[14:10] “How am I going to make sure that everything that we want to go out is secured, but that we can also monitor that from a security perspective as well?” — Arjan Timmerman

[15:40] “I think that the major providers are putting a lot of effort into providing that surround knowledge and that education that makes this stuff click.” — John Grange

[17:19] “Those are typically strains on an IT staff when you’re looking at building out things on prem that you kind of are able to offload to your cloud services provider that you select.” — Christopher Paskewich

[19:51] “Demonstrate compliance and security controls, not just self reporting, but also third party attestations around those compliances and controls.” — Christopher Paskewich

[20:24] “Security is an ongoing requirement. Things change. IT skills gaps are sometimes created and working with partners, that kind of maybe, can fill those IT skills gaps is going to be really important.” — Christopher Paskewich

[21:31] “I think that the number one thing I look for is probably, surprisingly, great documentation and training capabilities.” — John Grange

[23:01] “Make sure those partners will help your IT staff do the right things and learn from them as well, because they’ve got the knowledge. Nine out of ten times the IT staff that are doing those things don’t have that kind of experience and knowledge about what’s going on.” — Arjan Timmerman