04-08-21 | Blog Post
While acknowledging all of these business benefits, in 2021 there are still significant concerns for potential pitfalls and headaches associated with cloud and cloud computing security. 85% of businesses are already making use of cloud technology, so it’s definitely worth reviewing several of the top “potential” issues that business should be aware of with their use of public, private and hybrid cloud services. There are links within each of the sections (listed alphabetically) which will take you to deeper discussions of the individual topics.
Cloud sprawl: When you’re running more cloud instances than you need which leads to to wasteful spending, hampers productivity and opens more threat vectors thereby increasing security risks. Sprawl shows itself in a variety of ways including idle or forgotten workloads, non-persistent workloads and over allocated workloads. A component of Cloud Sprawl is Shadow IT or independent procurement of cloud services without IT engagement.
Compliance and Sovereignty: Compliance, sovereignty, and security requirements for data and records access, storage, and transport are specified as regulations. These regulations come from a wide group of governing bodies including PCI DSS, HIPAA, GDPR, SOX and others. A properly architected hybrid cloud solution assures your data and records have a commensurate level of compliant cloud infrastructure while offering optimal business economics. Around the world, the average total cost of a data breach is just under $4 million, with an average of $150 per record cost. The average time to identify and contain a breach (known as the breach lifecycle) is 279 days. There’s an obvious ROI benefit to following any compliance requirements that govern your business.
Data leakage: Broadly defined as the transport of data or IP to an external location or party without appropriate authorization. Some of the causes of data leakage are open databases that lack security or encryption (whether intentional or not) malware and phishing, the latter representing malicious forms of data leakage. Insider Threat, Data leakage or misconfiguration can also be maliciously perpetrated by “insiders”; current or former employees or 3rd parties that have legitimate access to your networks.Unauthorized access, simply defined as gaining access to networks or resources without permission. Unauthorized access is another root cause of data leakage that typically finds its origins in social engineering and/or problems with authentication systems.
Misconfiguration: Cloud compute assets or controls are set up incorrectly creating a threat vector vulnerable to cybercrime. Unsecured databases, firewall and server access misconfigurations are additional areas where human error is common. APIs, as outlined in this recent CIO article, are intended to streamline cloud computing processes. APIs can become yet another threat vector when misconfigured and/or left unsecured. 70-75% of data center failures are caused by human error.
Network and security visibility: Cloud networks and resources frequently operate outside of the visibility of legacy network monitoring tools. This can dramatically impact configuration, security and costs for your cloud-based resources. Monitoring of network, access, and security is best accomplished via a simplified interface that integrates with private networks and cloud-based services.
Looking for a cloud provider that takes security as seriously as you do? It’s up to you to develop your own cloud security strategy and thoroughly vet your cloud providers, working with them to put the proper security measures in place that will keep your data protected. The right provider will be able to help guide you to be secure at every layer in the stack, not just the infrastructure. Otava bakes security into its people, processes, and technology, and its 12 locations worldwide are audited independently against physical, administrative and technological safeguards every year to ensure sensitive data is always secure and protected. Contact us to see how we can help secure your data.
Additional Information:
How Security and Compliance Could Save You (and Your Clients)
Did you attend Otava’s webinar covering security, compliance and business continuity?
To learn more, check out the full recording and the presentation!
Achieving Security In the Cloud
To run successfully in the cloud (i.e., with little to no security failures), you’ll need to consider the difference between secure cloud infrastructure and secure applications within that infrastructure.
Ransomware preparedness with cloud solutions: According to a recent IDC survey, about 50 percent of organizations said they could not survive a disaster event, with 91 percent of respondents experiencing a tech-related business disruption in the past two years. Most organizations are already using cloud technology for their everyday business activities, but consider how it can help you prepare for a ransomware attack before it hits.