Authored by: Mark Lewis, SVP Sales and Marketing at Orasi Software
Cloud computing adoption has significantly increased across industries. From small to large, from IT to automotive, organizations are embracing the cost advantages and agility of cloud computing.
However, there is an increase in the rate and creativity in which vulnerabilities inherent in cloud computing environments are being exploited. According to Checkpoint’s 2020 Cloud Security Report:
- 68 percent of enterprises find the misconfiguration of assets in the cloud as one of the most significant contributors to cloud security threats.
- Almost 75 percent of enterprises are ‘very concerned’ or ‘extremely concerned’ about how secure they are in the cloud.
- About 58 percent showed the aspect of unauthorized access.
- 52 percent deal with insecure APIs and interfaces.
- 43 percent are worried about external sharing of data.
- 36 percent worry about malicious insiders, and 50 percent with the hijacking of accounts and traffic.
All of this doesn’t necessarily bode well for cloud adoption. But, the advantages of cloud computing can be embraced without throwing security out the window.
Security gaps – the enormous challenges in the cloud
Some incidents and threats seen in the last two years are very telling that while the cloud is flexible, it is vulnerable to major risks.
- Outages – unplanned and with significant effects on services, infrastructure, and uptime
- Latency during sudden spikes in customer requests
- Availability during downtime
- Data theft during cloud migrations
- Issues with workload provisioning
- Denial-of-service attacks
- Supply chain attacks as the ones seen in the last two months with major IT software vendors
Organizations need to realize that the decision to move to the cloud involves a lot of factors and efforts in areas like,
- Who controls data?
- What data resides where?
- How can the data be backed up and where?
- How quickly can data be recovered?
- How can/who develops a disaster and recovery plan?
- Who pays for data theft and when?
- What measures can be taken to ensure private and hybrid cloud deployments are secure?
- What and how much information can be shared about an outage or data breach? What steps should be taken for when a zero day threat is discovered?
- How can network routing, workload management, and data monitoring be simplified in a cloud environment?
- What processes exist for software updates and patches in case of a major flaw?
- How easy is it for a threat actor to access your networks and data through a supply chain or other partners’ cloud environment?
- What processes, policies and how much budget exist for resilience, risk mitigation, and data recovery?
- What is the overall risk governance framework in an enterprise – has it been specifically tailored for the cloud?
Cloud computing is packed with a lot of potential and can accelerate digital transformation in organizations. But with cloud computing comes vulnerabilities that threat actors can exploit.
Taking advantage of the scalability and flexibility of the cloud can also be the launching bad guys use for a cyberattack against an organization. It can be done in small or significant ways. An attack can not only affect just an organization’s networks or also result in downtime, customer data loss, and compliance penalties. Organizations should work with trusted vendors and partners to ensure that they are well-prepared for security incidents of any scale. As always, being prepared is half the battle.