Improvements in reliability, speed and sheer compute power have changed the way companies look at the cloud: Once an outlier, cloud computing is now a necessity for orginizations looking to embrace mobile technologies, leverage big data and gain a competitive advantage. It’s cheaper and easier to launch applications. But as the speed of deployment increases, your security risk goes up as well.
Security is no small challenge. As noted by online publication IT Pro, 83 percent of companies prioritize cloud computing security. While according to Business Insider, citing a study by consulting giant McKinsey, just 40 percent of organizations have more than 10 percent of their workloads in public clouds — because of security concerns.
The takeaway? Continual improvement in security is critical as the cloud shifts from outlier to essential infrastructure.
As noted by the Business Insider piece, 83 percent of companies are planning to move more applications and services into the cloud over the next few years — even as security evolves alongside current deployments. Yet with clouds now past the point of early-adopter hype, and giants such as Amazon and Google struggling in the “race to zero,” shouldn’t security have sorted itself out by now? Not quite.
- The cloud is everywhere — Public clouds, private clouds, hybrid and multi-clouds; the definition of “cloud” changes depending on the company and its use case. The result? Cloud security can’t stay static.
- Much of the cloud is open source — Open-source tools and services underpin much of the public cloud, making common vulnerabilities (think Heartbleed) a serious threat. Even the hardware is susceptible to open-source vulnerabilities, as we just saw with Spectre and Meltdown in the last two weeks.
- Clouds are evolving — Niche and specialty services are quickly outpacing catch-all cloud solutions, creating a patchwork problem that must be addressed with improved security.
The Pitfalls of Standing Still With Cloud Security
What happens if companies stay out of the cloud security race and instead opt for what they’ve got? Common cloud computing security risks include:
- Data breaches — As noted by IT resource CSO, data breaches will remain a top threat through 2018, as hackers look to steal and monetize confidential information.
- Access management — Who has access to which services? When? Why? Access management issues remain a persistent problem for cloud-based networks.
- IoT issues — Mobile devices coupled with wearables, sensors and the evolution of 5G networks demand security capable of handling thousands of simultaneous connections.
Core Concepts of Cloud Computing Security
How can companies improve their cloud security without breaking the bank or disrupting deployment? Start with tried-and-true security measures like the principle of least-privileged access: Give users only the permissions they need to complete key tasks, and continually re-assess total network access. Stay the course with reliable tactics such as regular security patching, timed log-outs and regular employee training to prevent social media over-shares and accidental insider threats. Then, get ahead of the security curve with cutting-edge RASP-based security tools using runtime protection to block OWASP top 10 attacks, while collecting key data to make your next network defense more effective.
Clouds are evolving; cloud computing security must keep pace to protect critical data.