Cloud computing has dominated our collective business consciousness over the last 10 years. Unfortunately, cloud computing security’s popularity pales in comparison. While organizations and individuals have spent the last decade moving data from on-premise servers to the cloud or hybrid environments, they often take the security of that migration for granted.
We spoke to cybersecurity experts about the changing landscape of cloud security for 2020. These are their assessments of our current risks and how organizations should prepare themselves.
The current risks posed by cloud computing
Cloud computing grows ever more popular. When businesses store their data in the cloud, they take advantage of an infrastructure as a service (IaaS) with built-in security protocols. Many organizations also benefit from the reduced overhead costs of ditching their on-premise servers.
But organizations that migrate their data to the cloud do take on a level of risk. Henry Ly, project manager at OccamSec reminds us that “As everything shifts to the cloud, attackers will be going after misconfigurations in the cloud. Organizations are still responsible for securing everything in the network infrastructure, and human errors during the configuration process will make it easy for attackers to get in.” As with so many security risks, human error during the system configuration poses a significant threat.
Jim Sneddon CTO and founder of Assuredata agrees, “With so many companies using cloud-based systems, they are rich pickings for cyber criminals.” He notes that cloud databases attract bad actors because they pose such a rich payoff, with huge stores of data in a single location.
And the criminals know how to get in easily, as “They just look for poorly configured systems to exploit and they then have the low hanging fruits of their labour,“ Sneddon says.
While many organizations have gotten over (or ignore) their original misgivings about sharing database space with other organizations in the public cloud, they may have worried about the wrong threat.
Advice for securing cloud storage in 2020
The experts we spoke with emphasized cooperation between organizations and their cloud providers. They agreed that a lack of communication about services, security protocols, and expectations would increase the risk.
However, Adam Stern, founder and CEO of Infinitely Virtual wants to temper the threat of cloud computing. He says, “…the cloud has matured and is (finally) a highly secure place to do business. The cloud now has the procedures, tools, and safeguards that make it among the safest places to be during a cyber-storm.” But these guardrails can only go so far.
“Enterprises should adopt solutions from companies that give cloud visibility, recommend security policy, and orchestrate the policies to prevent attacks,” says Umesh Padval of Thomvest Ventures. “Secondly, they should accelerate data protection and encryption while data is being transmitted, stored and processed.” These added safeguards protect organizations where their cloud security providers leave off.
Ameesh Divatia, co-founder and CEO at Baffle, Inc, says that organizations have a long way to go before gaining full cloud computing maturity. He argues, “…companies will need to go beyond focusing on cloud security configuration and controls and come to grips with protecting the actual data as part of the ‘shared responsibility model.’”
Stern adds, “To the extent that users feel ill-served by cloud vendors, cloud computing itself could be at risk. Vendors who argue for DIY security—effectively passing the buck to users, rather than partnering with users—are likely to suffer.”
He goes on to recommend that organizations “Embrace providers who bask in security. Bad actors have ever-bigger toolsets and are relentlessly upping their game. In the year ahead, those organizations that put aside (often political) turf wars around on-premises vs. off-premises computing and focus instead on strategies, policies, and practices that ensure application and data safety/security are most likely to prevail.”
These experts agree: cloud computing will continue to rise in importance in the business landscape. As more data is transferred to and stored in the cloud, the more important cloud security practices will become.
Finding the right cloud security software
Whether you partner with a cloud storage solution that provides the full-service security you need, or your organization decides to manage your cloud security with in-house software, choosing a vendor is never easy.