As companies moved to the cloud to simplify their IT management, including improving security, they’re learning that it’s not as simple as “shift applications to the cloud and watch the magic happen.”
It’s not that most organizations see it that way, but that is how it is when the companies feel it one way to better security. It’s why it’s been a rough couple of years for cloud security. And while recent vulnerabilities disclosed such as Spectre and Meltdown have cast a long shadow over the ability of enterprises to defend themselves enterprises need to be vigilant for potential exploitations.
One thing that security concerns are not expected to cast any shadow on cloud sales. A recent market research data released by QYResearch forecasted the global cloud computing industry to grow by roughly 26% from 2017 to 2022.
This current bevy of hardware flaws won’t slow that demand down any time soon. According to a report from Synergy Research, and reported in CRN, the overall cloud market grew 24% last year.
“Over the past four quarters leading up to September of 2017- essentially Q4 of 2016 to Q3 of 2017 – cloud sales, including on all services and all infrastructure products used for building clouds, achieved an overall market of $180 billion,” Joseph Tsidulko wrote in his story Cloud Computing: Now A $180 Billion Market.
According to the story, cloud infrastructure and platform services grew 47 percent, with hosted private cloud growing 30 percent. That’s quite a clip.
The unfortunate reality is, however, that many organizations don’t need a low-level hardware flaw in the infrastructure of their cloud providers to make themselves vulnerable. They can do that all on their own. Perhaps it was the rush to the cloud that is part of the reason why there have been so many cloud-related breaches, such as when a poorly configured AWS S3 bucket exposed thousands of military and intelligence personnel records to unauthorized public access. According to the story, thousands of military contractor files allegedly left online, unsecure, published in The Hill, those files included personal contact information.
“Chris Vickery who works at UPGUARD as researcher said he discovered some set of unsecured resumes on a public-facing AWS cloud server in July that was left unprotected by any form of login. Typically, this happens as a result of misconfigured security settings.
It’s certainly not the only example last year. Verizon exposed millions of customer records due to another unprotected S3 bucket. Dow Jones experienced a similar gaffe. In fact, throughout 2016 and 2017 we witnessed many poorly configured cloud-based databases being breached.
Fix it with a minimal effort
As if organizations weren’t having a challenging enough time keeping their environments secure, along came to the vulnerabilities Meltdown and Spectre just recently made public by Google. These hardware flaws affect almost every current processor and, through exploitations against “speculative” code execution, attackers can capture passwords and private encryption keys. Filip Truta provides an overview in his post, Meltdown and Spectre: decades-old CPU design flaws put businesses at risk. And fixing some of these precarious hardware glitches can have a significant impact on the cloud systems performance
“Not only did we see significant slowdowns for many applications, but we also noticed inconsistent performance, since the speed of one application could be impacted by the behavior of other applications running on the same core. Rolling out these mitigations would have negatively impacted many customers,” wrote the Google Cloud team in this blog post.
Most organizations do not have just one, or two, or three cloud service providers to worry about. According to RightScale’s 2017 State of the Cloud Report, 85%t of survey respondents are using multi-cloud, with most running production applications in four clouds.
“Companies now run 79% of workloads on the cloud, with 41%of workloads in the public cloud and 38% in private cloud. It is essential to note that the workloads running in the private cloud may consist of workloads running in present virtualized environments or bare-metal environments that have been “cloudified,” the report states.
Turns out the move to the cloud weren’t the security nirvana many (incorrectly) expected. And effective cloud management requires all of the things that traditional and on-premises systems require – good asset management, classification of data and resources, having the right security controls in place and monitored; as well as good incident response and business continuity plans.
So as enterprises clouds scale, we have seen threats and other risks to cloud apps and data. This is why cloud security strategy has to scale as cloud adoption grows more complex. One good place to begin, or make sure your company’s cloud security strategy is on point is, the Cloud Security Alliance’s most recent Guidance for Critical Areas of Focus in Cloud Computing 4.0 is a great place to start.
The guidance 4.0, as detailed by the Cloud Security Alliance, functions as a practical roadmap for those on the lookout for safety and to securely adopt the cloud model.
According to the Cloud Security Alliance, about 80% of the guidance was revised to better embody the current and future state of cloud computing security and reflects real-world safety measures for cloud practices.
While we are still a long way away from cloud security Nirvana, there are many enterprises and other organizations can do to bring more serenity to their current environments.
Study the Infographic below from Synopsis titled 10 Critical Cloud Security Threats for 2018 and Beyond.