Over the last several years, public cloud computing resources have developed into a flourishing IT supermarket of processing capacity, storage, applications, and a variety of automated tasks (networking, security, and system maintenance), all offered “as a service” by third-party vendors.
These and other public cloud computing services have mushroomed largely due to the economic and strategic advantages they offer their paying customers:
Public Cloud Security Risk FactorsAs with every IT undertaking, adopting public cloud-based services also introduces some significant, yet manageable security risk factors into the IT value delivery equation.
Acquiring cloud services puts buyers in the position of having to trust cloud vendors to deliver clean and secure offerings. While the overwhelming majority of service providers do a good job of keeping their offerings secure, purchasers still need to practice due diligence in regards to purchasing and managing cloud services offerings.
Many cloud service providers also have headquarters or operate facilities offshore. While an offshore presence should by no means be a deal-breaker, many buyers, and the stakeholders they serve may be subject to data patriation requirements that forbid electronic information from traveling beyond national borders or into specific countries.
In addition, buyers need to carefully consider the quality of a cloud vendor’s front-line service delivery staff. What is their general level of technical education? Do they possess certifications in competencies important to the purchaser? Might they have conflicting loyalties? Do foreign providers cynically consider cybersecurity to be a first-world problem?
Users must also consider the degree to which service providers exercise best practices in in employing IT processes and protecting data placed in their care. How robust are their preventative cybersecurity and hygiene programs? How effectively do they detect and respond to exploits? How promptly and thoroughly do they report breaches to customers and the public?
Finally, cloud vendor cybersecurity practices can inherently lack transparency compared to what a purchaser expects and receives from in-house IT programs. And even when a cloud services user becomes aware of a security issue traceable to a cloud-based service, they may not have the power to fix things not under their immediate control, and they should be familiar with escalation procedures and the details of any service level (SLA) agreements.
Specific Types of Public Cloud Security ExploitsIn general, if a cybercriminal is able to successfully launch an attack at an owner-operated IT infrastructure, they can also launch one at a cloud service provider. In fact, public cloud services have become highly attractive targets for cybercriminals. For them, breaking into a cloud service is like merging onto a superhighway that can deliver their little bundles of evil far and wide, potentially impacting hundreds or thousands of organizations with a single strike. Vectoring a threat through a cloud service can also enable an adversary to bypass an organization’s native cybersecurity defenses.
The most common public cloud-borne security breaches fall into three categories:
Digital transformation is being driven by executive mandates to accelerate the business, whether through new revenues, improved service delivery, or increased efficiencies. This mandate directly transforms cybersecurity into a strategic business enabler. Public cloud services are at the center of what is taking place. But without the right security architecture and controls in place, this essential business transformation will be inhibited or even stopped.
For more information on cloud security, check out our guide, “Defining Security for Today’s Cloud Environments.”
Please contact VietNet for more information:
📩 Email: firstname.lastname@example.org
☎️ Hotline: 1900 6736
💼 Website: Viet Net Homepage
📣 Fanpage: Viet Net Fanpage
🎥 Youtube: Viet Net Youtube Channel