Despite advancements in cloud security, overall data security threats and concerns remain a big worry preventing enterprises from moving to the cloud.
Still, new software updates continue to transition more and more data to the cloud, including Personally Identifiable Information (PII).
In the Gartner report Market Insight: Cloud Computing's Drive to Digital Business Creates Opportunities for Providers, the global research firm states that, by 2020, cloud-first, and even cloud-only, will replace the defensive no-cloud stance that dominated many large software providers in recent years.
Today, most provider technology innovation is cloud-centric, with the stated intent of retrofitting the technology to on-premises. Gartner predictions include that by 2019, more than 30 percent of the 100 largest vendors' new software investments will have shifted from cloud-first to cloud-only. For SaaS, the software provider usually controls security yet, as cautioned by Gartner, watch out for application security, which is a major vulnerability and the area of concern.
The biggest threats are not from SaaS providers, but from hackers.
Did you know the BYOD (Bring Your Own Device) market is expected to top $181 billion by the end of 2017 and that roughly 67% of employees already use their own devices at work to access both company and personal data?
BYOD allows employees to work and access enterprise data and systems using their own mobile devices such as laptops, tablets, and smartphones.
What does this mean for PII?
Protecting customer data such as credit card information, log-in credentials, and other personally identifiable information is one of the top priorities for both security and risk leaders, as well as business leaders.
A breach of customer information could result in the organization’s loss of public trust, legal liability and significant cost to remedy damages. While it is best practice for organizations to limit the use, collection, and retention of PII to only what is absolutely required for business purposes, oftentimes it is not known exactly what information is stored and where it is located to effectively manage it and ensure its protection.
Enterprises need to cater to the cautions and demands of cloud security in the mission to protect PII - keeping in mind the positive reality that cloud service providers typically have the ability to support far greater and more effective security systems and platforms than are practical for most individual enterprises today.