Cloud Security Is a Shared Responsibility

The cloud is not merely a widely accepted computing model — it’s the basis for nearly every transformative technology on the horizon. The cloud will be a key enabler for looming trends such as the Internet of Things, quantum computing, serverless architectures, machine learning and more.

And each advance will inevitably create a new attack vector for resourceful cybercriminals.

Without question, cloud-based resources are becoming more important to organizations. Cloud-based applications and platforms are key tools for the modern workforce, and organizations are moving more sensitive data into the cloud. This is precisely what makes the cloud an attractive target.

A recent survey of 3,476 IT and IT security practitioners worldwide illustrates the level of concern about cloud security. The survey, conducted by the Ponemon Institute and commissioned by Gemalto, found that 60 percent of respondents believe it is more difficult to protect confidential or sensitive information in the cloud.

In truth, the cloud is probably more secure than traditional corporate networks. Cloud providers understand they are targets and that customers are wary — that’s why they have better security mechanisms in place and are more attentive to potential risks. They are much better at systemic security services, such using pattern-matching and heuristic technology to identify threats.

However, one of the unique characteristics of the cloud is that it involves shared risk between customers and providers. And that can be an issue. According to Gartner analysts, 80 percent of cloud breaches through 2020 are likely to be caused customer misconfiguration, mismanaged credentials or insider theft — not cloud provider vulnerabilities.

The Gemalto survey substantiates that conclusion. More than half (56 percent) of those IT pros said their organizations aren’t careful about sharing sensitive information in the cloud with third parties, and 54 percent said their companies don’t have a proactive approach to compliance with privacy and security regulations for data in cloud environments.

Respondents also say “shadow IT” is creating significant vulnerabilities. According to respondents, half of cloud services are deployed by departments other than corporate IT, and an average of 47 percent of corporate data stored in cloud environments is not managed or controlled by the IT department.

Because of the unique security requirements of the cloud, organizations must take certain steps to maximize cloud security. The first is to remember that cloud adoption does not absolve you of security-related obligations.

You need to verify that data is properly managed and secured in a way that adheres to government and industry regulations and company policy. You need to ensure that all user groups have the appropriate level of access to your cloud resources. You need to evaluate the cloud provider’s ability to support all relevant security and compliance requirements. Finally, you should integrate existing security controls with cloud controls so on-premises and cloud systems are managed according to the same security framework.

Organizations are moving more business-critical workloads to the cloud in an effort to improve agility and innovation. As such, attacks on cloud infrastructures are likely to become more frequent and sophisticated. Nevertheless, you can’t afford to ignore the massive efficiencies the cloud delivers. Carefully evaluate the security posture of your providers, and keep a close watch on your in-house operations, internal configurations and employee security training.  This will allow you to securely take full advantage of the benefits of the cloud.