More companies are moving towards cloud technologies for lower costs, faster time to market, and increased employee productivity. However, the vulnerability of common cloud servers creates many new security challenges, the full impact of which we are just starting to determine. Spohn Security Solutions offers advice on catching vulnerabilities and proofing your company against cloud attacks.
Although the full impact on data security in the Cloud is yet to be determined, the market for cloud services continues to grow exponentially. The worldwide cloud computing market is expected to grow to $191 billion by 2020, up from $91 billion in 2015.
The numerous advantages of cloud computing are driving a large move to the Cloud, but there is a downside.
“With cloud computing becoming so prevalent, security becomes a vital issue to address. If a company is not aware of all the ways in which their data is being exposed, security breaches can be devastating,” says Timothy Crosby, senior security consultant for Spohn Security Solutions. Spohn has a long history of proactive security assessment reaching back well before cloud-based technologies even came on the scene.
Data security in the Cloud is a vital concern which is holding back cloud adoption for some IT departments, and driving cloud access security broker (CASB) adoption. CASBs are on-site or cloud-hosted software programs that sit between cloud service consumers and cloud service providers, whose function is to enforce security, compliance and governance policies for cloud applications. According to a Forrester report, by 2020, 85% of large enterprises will use a cloud access security broker solution for their cloud services, which is up from fewer than 5% in 2015.
More companies are recognizing their exposure to cyber threats now than they did before cloud access became so popular.
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.
A recent Ponemon Institute survey of 400 IT specialists and IT security leaders uncovered how companies are managing risks with user-led cloud adoption. The Ponemon study identified nine cloud risks. Following high-profile breaches of cloud platforms Evernote, Adobe Creative Cloud, Slack, Equinox, and LastPass, it’s no wonder IT departments are reluctant to jump on the cloud bandwagon.
With LastPass, even admin passwords were exposed, thus possibly enabling cyber criminals to launch devastating cyber attacks. The scale of that breach was extensive. Ninety-one percent of companies have at least one LastPass user, and the IT departments at these companies may not even be aware that they have employees using LastPass.
Another 2015 study identified the top five concerns of cloud computing users. The top two listed were:
- Unauthorized access to or leak of customer information; and
- Security defects in the technology itself.
In addition, many employees are bringing their own cloud-based systems to the workplace or working remotely with cloud-based data. This BYOC environment opens up companies to even more security risks, the full impact of which is unknown at this time.
“When companies use cloud services to increase efficiency, they must also increase their diligence and security measures,” Timothy Crosby advises. Crosby suggests that since many companies are at greater risk of cyber threats due to the use of cloud-based services, it is important for them to take all possible measures to protect themselves. He says, “If companies act early and take offensive action before threats invade their systems, millions and even billions of dollars in valuable information and assets can be saved. It’s vital that top management and entire organizations recognize that it’s their responsibility —not just the IT guys’— to update their computer risk assessment and protect their companies from possible security or fraud infringement.”
Spohn Consulting, Inc., an Austin, Texas-based, privately-held company established in 1998 by Darren L. Spohn, is an authority in navigating Fortune 500 companies and medium to small businesses through the security business challenges of the 21st century.
1. Coles, Cameron. “9 Cloud Security Risks Every Company Faces.” Skyhigh, 16 June 2017, www.skyhighnetworks.com/cloud-security-blog/9-cloud-computing-security-risks-every-company-faces/.
2. “CASB: What Is a Cloud Access Security Broker? Watch Our Short Video.” Skyhigh, www.skyhighnetworks.com/cloud-security-university/what-is-cloud-access-security-broker/.
3. Grachis, George. “Achieving Compliance in the Cloud.” CSO Online, CSO, 15 May 2017, www.csoonline.com/article/3191542/cloud-computing/achieving-compliance-in-the-cloud.html.
4. “2017 Cost of Data Breach Study: Global Overview.” Ponemon Institute’s 2017 Cost of Data Breach Study: Global Overview, 19 June 2017, www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=SEL03130WWEN&.
5. “Top 5 Risks of Cloud Computing.” Calyptix Security, 22 June 2017, www.calyptix.com/research-2/top-5-risks-of-cloud-computing/.