Marc Maiffret are from BeyondTrust, who sells security and compliance software.
Would you trust your sensitive corporate data in the hands of a stranger? Recent Amazon and Apple iCloud experiences tells us that cloud security across the board, needs to be enhanced, now, not later. Taking a look and understanding security strategies and responsibilities from both cloud providers and customers can help to prevent further failures.
The adoption of cloud services by both large and small organizations is rising. Without a doubt, there are benefits to this investment: competitive cost advantage, allowing budgets to focus on technology innovation rather than infrastructure, and considerable gains in time management. For instance, a young company that doesn’t have the capital to purchase the servers needed to develop new products now has the ability to rent their back-end infrastructure from a cloud provider for mere pennies an hour. This can provide a small business the same level of scaling capabilities as a company five times its size.
It’s clear that organizations that outsource to a cloud vendor often times make their choices based on price instead of security. Despite the undoubted advantages to efficiency and cost effectiveness, leveraging a cloud provider unfortunately welcomes many risks as well. While many C-level non-IT executives look to openly embrace cloud environments, security executives walk with much more trepidation. In a recent study conducted by IDG Research, nearly 60 percent of respondents said were very concerned with data security and privacy in cloud deployments. Vulnerabilities and exploits don’t discriminate. The same holes that exist for on-premise data storage and access also exist within cloud deployments. These risks should raise significant concerns in regards to breaches when housing sensitive assets in the cloud such as intellectual property and financial or customer data. This begs the question, when a company is utilizing a cloud provider, who is actually responsible if a breach occurs?
Who is responsible for what security measures are put in place? The apparent ambiguity as to who is responsible for securing the assets which makes up the private clouds creates the exact type of security gaps that attackers prey on. Questions such as these need to be raised as more companies continue to move massive amounts of data to cloud service providers. The truth is that assets, in the cloud or on premise, are part of your business; treat them as such. You need to take the steps to secure those servers, and you have every right to, just as if they were sitting in your own server closet or data center. Moving your organization to the cloud is like entering a lease agreement with a services provider. You and your assets can occupy the premises but unless you have renters insurance you’re cooked if there’s a theft or fire. Even though you are renting from these providers, you still should look to cloud providers that allow your company a level of access that allows you to perform your own security assessments to verify the level of security that a cloud provider may or may not be implementing…….
Are Cloud Providers Absentee Landlords On Cyber-security?
