What a CIO Needs to Know About Cloud Security

Knowing how secure the cloud is can help you determine your company’s policies for organizational use of public cloud services.


Major data breaches are no longer a rare occurrence in the business world. It comes as no surprise, under those circumstances, that cybersecurity in general is a hot topic. With cloud-based solutions becoming so widely used, cloud security is one of the primary concerns of IT professionals.

That’s only one of the things that keep Chief Information Officers up at night. Knowing how secure the cloud is can help you determine your company’s policies for organizational use of public cloud services.

What does every CIO need to know about a few of the more pressing issues within cloud security? Here’s a quick look at the most important ones, using industry information from anti-phishing solution maker Area 1.

Data Point 1: Cloud usage continues to be on the rise.

When it comes to the discussion about cloud security, it’s important to remember that cloud solutions, like any other technology, mostly depend on how we’re using them. As the CIO, you will likely be working for one of the 80 percent of businesses expected to be using the cloud by 2020. This rapid growth is leading to new issues in cloud security. What creates a cybersecurity problem, more often than not, is how users are managing the controls of the cloud solution itself.

Data Point 2: Better security is enabling additional cloud usage.

There are a couple of reasons for this. The first is that providers of cloud services or solutions can usually afford to maintain better IT security than do many organizations in their IT departments. Also, cloud servers are physically out of reach of the employees, both current and former. Therefore, your primary concern as the CIO should be to ensure that you’re using cloud solutions securely.

Data Point 3: Know the core vulnerability of the cloud.

Unfortunately, as with many other technologies, the weakest links in the cloud security system are humans. Human error is the starting point of most security breaches. A recent Cloud Security Alliance outlined a “dirty dozen” of security threats prevalent in cloud security. Nearly all of them found human error as the source.

Included in this dirty dozen are weak credential, identity, and access management, account hijacking, insufficient due diligence, and advanced persistent threats. All of these security issues have, at their heart, phishing attacks.

Data Point 4: Phishing causes 95 percent of all cyber data breaches.

This statistic applies to the cloud. Whatever type of accounts hackers wish to target through phishing attack, they can. Education can help prevent phishing somewhat, but technology-based anti-phishing solutions that stop phish before they even land in your employee’s inbox are much more effective and secure.

Chris Preimesberger

Chris J. Preimesberger

Chris J. Preimesberger is Editor-in-Chief of eWEEK and responsible for all the publication's coverage. In his 15 years and more than 4,000 articles at eWEEK, he has distinguished himself in reporting...