The Risks & Benefits Of Cloud Security

Cloud computing  has become a widely used term part of  daily conversations, usually  about moving photos and other data into the cloud. Indeed, Cloud computing is now over 30 years old but is still considered a new technology for many organisations and involves relying on  a cloud service provider (CSP), to store and process your vital data, which requires trust and a willingness to give up control.

Cloud users can reduce costs and increase efficiencies through storage and management of large amounts of data and systems and with the cloud they are apparently cheaper to maintain and they are secure. 

Given the growing rush by organisations to move to the cloud, it’s no surprise that some policymakers are calling for regulation of this disruptive technology. 

A Report published by the Carnegie Endowment aims to give lawmakers and regulators a basic understanding of what’s happening in the cloud arena, with a particular focus on the security of these vast reservoirs of information. Cloud Security: A Primer for Policymakers argues that the “debate about cloud security remains vague and the public policy implications [are] poorly understood.”

From a public policy perspective, “the image of a cloud obscures as much as it explains,” the report states. “A more nuanced picture emerges when the cloud is considered in terms of its layers, from the physical data centers and network cabling that form its foundation to the virtual software environments and applications that everyday users interact with.”

However, as the paper says, cloud services ares concentrated in the hands of a few providers including AWS, Microsoft Azure, and Google Cloud, so-called “hyper scale” cloud service providers, with firms like Alibaba Cloud and Tencent playing a similar role in China. “The rising cost of cyber-attacks means that most companies can’t effectively defend themselves, leaving organisations “better off entrusting their security to these external firms’ security teams.” However, that solution raises a new problem which is “the systemic risk associated with a centralised approach.”

The Report says there are two key policy concerns that have to be balanced.

  • The first one is the current and known problem of cyber insecurity," Maurer says. "Most organisations still struggle to effectively protect themselves against hackers.”
  • The second concern is the systemic risk cloud providers pose, namely that allowing so much data to be stored in the hands of giants could invite rare but catastrophic events.

The report quotes a study carried out by insurance market Lloyds of London that estimates a three to six-day outage of a major cloud service provider could cause economic losses. Moreover, cloud services could become an excellent target for attackers because of the amount of commercial data they contain.

Looking ahead, cloud security would benefit from a collaborative approach among the giant providers,given that the breakneck competition among them stands in the way of protecting against threats that affect all of them. 

Although some critics of a collaborative cloud security initiative might raise antitrust concerns, there are models of similar approaches in other industries, including finance and aviation. “If you look at other highly competitive industries like the financial industry, like the aviation industry, they have all formed specific industry consortia that are designed to help address security because they recognise the risks in the entire industry and not just individual companies.” notes the Report.

“It will be much more important in the future for the major cloud service providers to come together to share and compare notes…and to also potentially share data about threat actors that may be targeting them...That is likely to pay off more in the future than a regulatory framework would, which is down the road.”

Due diligence requires that cloud consumers fully understand the security implications of deploying or moving applications and systems to a CSP. Consumers must understand how CSP services should be used to support business activities while protecting information.

Carnegie Endowment:      CSO Online:     Carnegie Mellon University:     ARN.net:

You Might Also Read: 
 
Six Reasons To Move Your SIEM To The Cloud:

 

« New Zealand's NZX Stock Market Hit Five Times
Cyber Attacks On Norway’s Parliament »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

WEBINAR: How To Build And Implement An Effective Endpoint Detection And Response Strategy

WEBINAR: How To Build And Implement An Effective Endpoint Detection And Response Strategy

Join this webinar to learn how the cloud threat landscape is evolving and organizations are deploying more advanced and capable security controls at scale.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CloudEndure

CloudEndure

CloudEndure offers Disaster Recovery and Continuous Replication for the Cloud.

Pluralsight

Pluralsight

Pluralsight helps enterprises build technology skills at scale with expert-authored courses on today’s most important technologies including information and cyber security.

Asavie

Asavie

Asavie provide solutions for Enterprise Mobility Management and secure IoT Connectivity.

International Fraternity of Cybercrime Investigators (IFCI)

International Fraternity of Cybercrime Investigators (IFCI)

IFCI provides expert training and certification in Computer Forensics, Network Intrusion & Data Breach Analysis; Malware Analysis; Cyber Threat Intelligence.

Dataglobal

Dataglobal

Dataglobal is an industry-leading provider of Information Archiving/Governance and Unified Data Classification solutions.

Dragos

Dragos

Dragos has built the first industrial cybersecurity ecosystem, the ultimate security defense.

Ellipsis Technologies

Ellipsis Technologies

Ellipsis Technologies is a diversified technology company that develops innovative security software for websites and online applications.

BooleBox

BooleBox

BooleBox is the cloud for business data security that allows to share sensitive files by reducing the risk of external attacks or insider theft.

Digital Innovation Hub Slovenia (DIH)

Digital Innovation Hub Slovenia (DIH)

DIH Slovenia is a central hub providing services to grow digital competencies in areas including robotics, IoT, cyberphysical systems and cybersecurity.

KOVRR

KOVRR

Kovrr enables (re)insurers to transparently predict and price cyber risk.

Blockchain R&D Hub

Blockchain R&D Hub

Blockchain R&D Hub's mission is to serve the needs of blockchain ecosystem as the center of excellence for technology research and development.

Ensighten

Ensighten

Ensighten is a leader in Website Security & Privacy Compliance. Protect your website from malicious attacks, monitor & detect vulnerabilities, protect consumer data.

Symmetry Systems

Symmetry Systems

Symmetry Systems is a provider of data store and object-level security (DSOS) solutions that give organizations visibility into, and unified access control of, their most valuable data assets.

BriskInfosec Technology & Consulting

BriskInfosec Technology & Consulting

BriskInfosec provides information security services, products and compliance solutions to our customers.

CodeHunter

CodeHunter

CodeHunter is a malware hunting SaaS platform designed to detect all variations of malware, known and unknown, without the need for source code or signatures.

CyberXpert.ai

CyberXpert.ai

CyberXpert.ai’s mission is to transform the way highly regulated organizations address compliance risk and to modernize compliance processes for both regulators and regulated entities.