Security concerns will continue to be a problem for consumers and corporations. In one of its security predictions, Gartner stated that through 2020, 95 percent of cloud security failures will be the fault of customers. “Only a small percentage of the security incidents impacting enterprises using the cloud have been due to vulnerabilities that were the provider’s fault,” the report said. “The characteristics of the parts of the cloud stack under customer control can make cloud computing a highly efficient way for naive users to leverage poor practices, which can easily result in widespread security or compliance failures. The growing recognition of the enterprise’s responsibility for the appropriate use of the public cloud is reflected in the growing market for cloud control tools.” Gartner had also predicted that by 2018, nearly 50 percent of organizations with more than 1,000 users will move to the cloud, with cloud security brokers monitoring and managing their data, which became true.
“Recent history has shown that virtually all public cloud services are highly resistant to attack and, in the majority of circumstances, represent a more secure starting point than traditional in-house implementations. No significant evidence exists to indicate that commercial cloud service providers have performed less securely than end-user organizations themselves. In fact, the most available evidence points to the opposite. Only a very small percentage of the security incidents impacting enterprises using the cloud have been due to vulnerabilities that were the provider’s fault,” the report stated.
One of the biggest issues of cloud security is identity and access management. A recent survey from the Cloud Security Alliance showed that nearly 22 percent of respondents linked a data breach to compromised credentials. One key area is to focus on is Identity and Access Management (IAM) policies for cloud apps. Companies embracing big data solutions also must adopt more perimeter and identity security solutions. The first step must begin with ensuring a proper verification process that can defend the systems from modern-day hackers and their techniques. There must also be continuous testing of security solutions already in place.
Another key area of concern should be the internal access control policies as these must be extended to outsourced information technology vendors and other third parties, and there must be a central body that controls these aspects. “The corporate IAM policy needs to be extended to encompass the cloud apps that you have identified, and then combined with alerting mechanisms that can report on unusual logon activity on cloud services. By undertaking this process, it reduces the likelihood that credentials can be stolen and misused without the organization being aware,” suggests a report in Tech Target, last year.
The necessity for cloud adoption varies from company to company. And in most cases, the benefits of cloud computing depend on the kind of business the organization is. Just like with any tool, organizations ultimately must consider their risk profiles, staffing and access, resource allocation, and regulatory policies within the organization, and risk appetite before making a decision about cloud storage.
We at CISO MAG are set to publish the Power List, a comprehensive publication which will explore critical areas of cloud security while elucidating best practices to adopt for securing the cloud space. Ahead of it, we are discussing several trends and vendors in the space while we tell you what differentiates each product from the rest.
The opinions expressed in this article are the personal opinions of the author. The facts and opinions appearing in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.