The commercial imperative to use cloud services is ever increasing. Security concerns, once a show stopper, should no longer be the barrier.

It has been reported that ‘cloud security’ is an oxymoron, a contradiction in terms. How can something that is abstract, ephemeral and cannot be touched by its users be trusted or secure? Of course, the cloud does exist in physical terms. The files, data and information are simply stored, accessed and moved around on other people’s computers. Even so, the question remains: can this ever be trusted or secure?

The benefits of adopting the Cloud are spread across a range of applications from the business back office functions, through collaboration tools, customer portals and the Internet of Things (IoT) – monitoring as well as command and control. The thing all these applications have in common is the ability to share information much more easily than ever before.

However, myths abound and people hold entrenched views and positions about cloud security. But the take-out from these emerging ‘cloud-first’ policies is that we have to find a solution. It is no longer acceptable to just say no.

In this paper, we look at the principles behind the cloud that present us with security challenges and explore where responsibility for solving the issues lies. We look at the governance approaches to manage these complex responsibilities, and explore the data lifecycle and core touch points to protect the critical data.