Cloud computing has been
the buzzword of the last decade. It is no wonder that most organizations have
started to embrace this technology. However, the cloud has been perceived to be
riskier from a security perspective. While organizations worry about legal
aspects such as data privacy issues, compliance adherence, and ownership of
customer data, security is the biggest concern. In this article, we will
discuss why the cloud can be perceived as riskier from a security perspective
and what those risks are.
Comparing Cloud to On-Premises
Environments from a Security Perspective
When assessing any
environment from a security context, two distinct variables come to mind: the
probability of something bad happening and the impact of an attack should it
happen. Using these two variables, we can plot the factor we are measuring on a
matrix to roughly ascertain the security risk to
the organization.
When you weigh up cloud vs on-premises
environments and you assess them from the perspective of the probability of
something bad happening and the impact of an attack should it happen, the comparison
probably looks like this:
·
On-premises: The impact of a security issue would be
high as all corporate networks, systems, and data could be at risk. The
probability of it happening is relatively high as
there are limited IT resources available.
·
In the cloud: A breach could have an enormous impact,
potentially affecting lots of users. The probability of cloud providers being
breached is much bigger, due to the bounty on offer should an attack be
successful. However, as technology companies, cloud providers should have a lot
of expert IT resources available so should, in theory, be more able to thwart
an attack should one happen.
So, on balance, the cloud
is not necessarily any riskier than an on-premises environment. But there are
cloud-specific security risks out there. If you do not approach cloud adoption
and security in the right way and you are not aware of the factors that can
increase your risk profile, the cloud can be a dangerous place.
Seven Factors That
Influence Cloud Risk
With the cloud risk
probability and impact analysis in mind, we mapped out seven factors that can
influence the cloud risk level to your organization and therefore impact where
you sit on the “probability and impact risk matrix.” These are the
seven reasons why the cloud can be a risky place:
1.
Misunderstood responsibility: The fact that the
software, applications, and systems are hosted in the cloud means that you are
only as safe as your access to it. Many companies think that their cloud
provider is responsible for ensuring their safety in the cloud. But this is not
the case. Ultimately, organizations are responsible
for protecting themselves, no matter what security your cloud vendor says they
have in place. It is really important to bottom out
where security responsibility lies, and that must be stipulated in your
contract with your cloud provider.
2.
You are not alone: At the heart of the cloud concept is
the tenet of multi-tenancy and the decoupling between hardware and
applications. Multi-tenancy in the cloud means it is not just your organization
that has access to Salesforce or whatever app or system you might be using. So
has pretty much every other business in the
developed world. If a hacking collective were to target a cloud provider like
Salesforce, by gaining access to an employee’s credentials, potentially any organization
that uses it could be affected.
3.
Poor online hygiene: There is often a lax attitude to
online hygiene where the cloud is concerned. Weak passwords and shared
passwords mean they are much more likely to be cracked should hackers decide to
target users or could even be guessed in a dictionary-style attack.
4.
Data and permission sprawl: Much of an organization’s
cloud security vulnerability is dependent on how big its cloud network is. If
you are using multiple cloud
While the cloud offers many
benefits for organizations, including increased flexibility and scalability, it
also comes with specific security risks that must be understood and mitigated.
When assessing cloud security, it is essential to consider the probability of
an attack and its potential impact, as well as the specific factors that can
increase your risk profile. These factors include misunderstandings around
security responsibility, the potential impact of multi-tenancy, poor online
hygiene, data, and permission sprawl, limited visibility into cloud
environments, complex supply chain relationships, and compliance and regulatory
risks. By understanding these risks and taking appropriate measures to mitigate
them, organizations can safely leverage the benefits of cloud computing while
protecting their critical data and systems. To know more about cloud security,
click here.
