UPDATED 13:00 EST / NOVEMBER 19 2014

Top 5 ways consumers can protect their data in the cloud: Q&A with SysAid CEO Sarah Lahav

cloud security, IT cloud security, cloud privacy, cloud protectionAdopting a cloud policy is the driving force behind the success of many businesses today, but security remains a big concern for organizations considering a migration to the cloud. It’s more challenging to protect sensitive data such as confidential customer and payment information in a cloud environment.

So, how do the security problems that are facing enterprises affect consumers? How can consumers safeguard their sensitive data when using popular cloud-based services? To find out, we asked SysAid Technologies Ltd.‘s CEO Sarah Lahav about the state of cloud security today. Here she discusses cloud security, including the top ways that consumers can protect their data when using cloud-based services.

SiliconANGLE (SA): SysAid Technologies is a provider of IT Service Management (ITSM) solutions that are available as a cloud-based (or on-premises) solution. Are these solutions available to small-to-medium-size businesses (SMBs)?

Sarah Lahav (SL): Both cloud and on-premises delivery models are available to SMBs, mid-market, and enterprise-level customers alike. We offer Basic, Full and Enterprise editions for each delivery model; the customer can decide what they require based on the IT issues that they need to resolve and/or IT activities they need to support.

.

SA: What are the Top 5 most common misconceptions still surrounding cloud security?

SL: 1. That the biggest customer concern with cloud services is security. Maybe it was five years ago, but the need for integration to existing data center applications and other potentially cloud-delivered applications, plus availability levels, are now also just as front of mind (if not more) for customers looking at cloud offerings.

2. That public cloud security concerns will prevent organizations moving to the cloud. While still true for some geographies and industries, I think that savvy organizations will look at their IT service delivery needs on a case-by-case base. This might entail moving applications and workloads to the public cloud, keeping them in-house or taking a hybrid cloud approach to get the best of all worlds relative to cost, scalability, availability and security, amongst other factors.

Sarah Lahav, CEO of SysAid Technologies

Sarah Lahav, CEO of SysAid Technologies

3. That cloud service providers don’t appreciate the importance of security to customers. While dependent on the customer segments to which they sell, most cloud service providers would not survive a security incident from a business sustainability perspective. Thus, for many, their security has to meet enterprise-level requirements whether their average customer is enterprise-level, a SMB or somewhere in between. I often say that enterprise-level cloud service providers will have better security than the data centers of their customers—they just can’t afford not to.

4. That all cloud offerings are born equal. They are not. This applies to security as well as availability and support in particular; the supplier’s capabilities and credentials need to be thoroughly checked. Additionally, is it a true cloud solution or a hosted version of the vendor’s on-premises application? This might also impact the security risks associated with the offering.

5. That corporate IT departments can stop Shadow IT, often unsanctioned cloud services, and the use of personal cloud services. And that the security implications of employees procuring their own cloud services can be avoided. They can’t. IT instead needs to ensure that it has the ability to work with business functions and colleagues to collectively protect the business’ data and reputation, from a security perspective. This will involve governance and security policies/techniques being adapted to fit these more modern approaches to IT sourcing.

.

SA: For various reasons, the cloud is still not secure, and we see this in the recent breaches of retailers and banks. What should be done to ensure the cloud and to safeguard consumer data?

SL: I would personally question how many of these retailer and bank breaches were cloud-related and how many were related to the organizations’ own data centers. But whether they were or not, it’s an important learning opportunity for organizations of all sizes to apply due diligence to the cloud security credentials of prospective cloud service suppliers during the selection and procurement processes.

cloud_computing_2014_0007So, look for the recognized security standards such as SOC 1/SSAE 16/ISAE 3402 (formerly SAS70), SOC 2, SOC 3, ISO 27001, and FedRAMP. Look at what the supplier does at an application level, too, and how they regularly test their security. Plus, larger customers will often need the ability to test the third-parties security themselves for governance and compliance purposes.

.

SA: What are the Top 5 ways that companies (as consumers of cloud services) can protect data in the cloud?

SL: 1. Check the supplier’s security credentials.

2. Speak to existing customers wherever possible. Look to community and social forums, and social streams for signs that existing customers have had issues with, or concerns over, security.

3. Make informed decisions about what applications or workloads can be moved to the public cloud. This will most likely require having some form of data classification and user classification frameworks.

4. Take a hybrid cloud approach such that data is treated according to your data classification framework and sensitivity.

5. Ensure that cloud use doesn’t fall foul of geographical and industry-specific regulation. Ensure that the ability to test supplier security is part of the service contract.

.

Personality Q&A

.

SA: Favorite food?

SL: Pasta

.

SA: What’s the last book you read?

SL: Winter of the World by Ken Follett. He is one of my favorite authors.

.

SA: Everyone has habits, hobbies or interests that make them smarter. What are 5 things that make you a smarter individual?

SL: 1. Zumba, zumba and yet more zumba! I am addicted. It makes me smarter because it’s my true “break”. I forget about work and simply let go, which gives me the time I need to recharge my batteries. It’s my “me time”.

reading book cloud green tree park2. Reading. Whether it’s the latest news, non-fiction, fiction, or a new ITSM report that is out, reading boosts my brain. I read every night without fail, even when I am exhausted and want to do no more than collapse into bed. I have to get at least a few pages in.

3. The people I work with. No matter how good you are at a job, you can never be perfect and you need others to bring out the “smart” in you.

4. Trying new things. Sometimes my team thinks I am crazy with some of the eccentric ideas I come up with for marketing or quirky things we can do within our product, but I am a big believer in trying new (and sometimes crazy) things to see what works. We should always push the boundaries, embrace change and crucially learn from mistakes (when my crazy ideas don’t work). You don’t get smart by sticking to the same old things; you need to continually be learning.

5. Laughing. Laughter fosters creativity and problem solving, and more importantly, keeps you happy! A day with no laughter is a bad day. I try to avoid bad days as much as possible; they’re not productive!

.

SA: What are the 5 mobile apps you use most often?

SL: 1. The camera app. So I can take pictures of my beautiful children.

2. WhatsApp. It’s how I stay connected with both family and work (forget instant message and email, at SysAid we’re all about WhatsApp groups)

3. Facebook. Needs no explanation.

4. Waze. Because without it, I’d forever be lost (particularly with the amount of overseas travel that I do).

5. Twitter. It’s how I stay engaged with the IT service management community; anyone who is anyone in our industry is on there.

.

SA: You’re a successful CEO of a technology company—and you just happen to be female. Can you share 3 pieces of advice for girls or young women considering a career in IT?

woman reading on subway stationSL: 1. Keep a sense of humor. Gender stereotypes are sometimes as oppressive and limiting as women make them. Deflect gender jabs with a laugh or a smile, and don’t let them deter your ambitions and make you feel small.

2. Work hard. Go above and beyond your job description if you want to make a difference. Understand that being a woman makes you no different or less able to succeed. Male or female, put in the effort and the rewards will follow.

3. Don’t use stereotypes yourself. Sometimes we are our biggest enemy. We do something “silly” in the workplace or make a mistake, and we’re the first to make a joke about how “it’s such a woman thing to do”. In the same way we might say “Oh, I’m being so blond today”. Don’t use the stereotypes when they suit you; you’re merely giving permission to others to do the same.

.

Photo credit: perspec_photo88 via photopin cc
Photo of Sarah Lahav courtesy of SysAid Technologies
Photo credit: EJP Photo via photopin cc
Photo credit: ~Matt LightJam {Mattia Merlo} via photopin cc
Photo credit: moriza via photopin cc

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU