The Risks & Benefits Of Cloud Security

Uploaded on 2020-09-07 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Cloud computing  has become a widely used term part of  daily conversations, usually  about moving photos and other data into the cloud. Indeed, Cloud computing is now over 30 years old but is still considered a new technology for many organisations and involves relying on  a cloud service provider (CSP), to store and process your vital data, which requires trust and a willingness to give up control.

Cloud users can reduce costs and increase efficiencies through storage and management of large amounts of data and systems and with the cloud they are apparently cheaper to maintain and they are secure. 

Given the growing rush by organisations to move to the cloud, it’s no surprise that some policymakers are calling for regulation of this disruptive technology. 

A Report published by the Carnegie Endowment aims to give lawmakers and regulators a basic understanding of what’s happening in the cloud arena, with a particular focus on the security of these vast reservoirs of information. Cloud Security: A Primer for Policymakers argues that the “debate about cloud security remains vague and the public policy implications [are] poorly understood.”

From a public policy perspective, “the image of a cloud obscures as much as it explains,” the report states. “A more nuanced picture emerges when the cloud is considered in terms of its layers, from the physical data centers and network cabling that form its foundation to the virtual software environments and applications that everyday users interact with.”

However, as the paper says, cloud services ares concentrated in the hands of a few providers including AWS, Microsoft Azure, and Google Cloud, so-called “hyper scale” cloud service providers, with firms like Alibaba Cloud and Tencent playing a similar role in China. “The rising cost of cyber-attacks means that most companies can’t effectively defend themselves, leaving organisations “better off entrusting their security to these external firms’ security teams.” However, that solution raises a new problem which is “the systemic risk associated with a centralised approach.”

The Report says there are two key policy concerns that have to be balanced.

  • The first one is the current and known problem of cyber insecurity," Maurer says. "Most organisations still struggle to effectively protect themselves against hackers.”
  • The second concern is the systemic risk cloud providers pose, namely that allowing so much data to be stored in the hands of giants could invite rare but catastrophic events.

The report quotes a study carried out by insurance market Lloyds of London that estimates a three to six-day outage of a major cloud service provider could cause economic losses. Moreover, cloud services could become an excellent target for attackers because of the amount of commercial data they contain.

Looking ahead, cloud security would benefit from a collaborative approach among the giant providers,given that the breakneck competition among them stands in the way of protecting against threats that affect all of them. 

Although some critics of a collaborative cloud security initiative might raise antitrust concerns, there are models of similar approaches in other industries, including finance and aviation. “If you look at other highly competitive industries like the financial industry, like the aviation industry, they have all formed specific industry consortia that are designed to help address security because they recognise the risks in the entire industry and not just individual companies.” notes the Report.

“It will be much more important in the future for the major cloud service providers to come together to share and compare notes…and to also potentially share data about threat actors that may be targeting them...That is likely to pay off more in the future than a regulatory framework would, which is down the road.”

Due diligence requires that cloud consumers fully understand the security implications of deploying or moving applications and systems to a CSP. Consumers must understand how CSP services should be used to support business activities while protecting information.

Carnegie Endowment:      CSO Online:     Carnegie Mellon University:     ARN.net:

You Might Also Read: 
 
Six Reasons To Move Your SIEM To The Cloud:

 

« New Zealand's NZX Stock Market Hit Five Times
Cyber Attacks On Norway’s Parliament »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

QinetiQ

QinetiQ

QinetiQ is one of the world's leading defence technology and security companies. Areas of activity include air, land, sea and space systems, weapons, robotics, C4ISR and cyber security.

Booz Allen Hamilton

Booz Allen Hamilton

Booz Allen Hamilton is a management & tech consulting firm. Technology services include cloud computing, cyber security, systems development and integration.

Cambridge Intelligence

Cambridge Intelligence

Cambridge Intelligence are experts in network visualization and finding hidden trends in complex connected data. Applications include cybersecurity.

OpenSphere

OpenSphere

OpenSphere is an IT company providing security consultancy, information system risk management and security management services.

OIC-CERT

OIC-CERT

OIC-CERT is the Computer Emergency Response Team for Organisation of Islamic Cooperation (OIC) member countries.

SANS CyberStart

SANS CyberStart

SANS CyberStart is a unique and innovative suite of tools and games designed to introduce children and young adults to the field of cyber security.

Gilbert + Tobin

Gilbert + Tobin

Gilbert + Tobin is an Australian corporate law firm serving clients throughout Australia, and around the world, on a broad range of legal issues including cyber security.

Innovasec

Innovasec

Innovasec provide information security consulting and training services.

ECOLUX

ECOLUX

ECOLUX is a professional IoT security service company committed to developing world-leading “IoT Lifecycle Security” technologies and products.

Security BSides

Security BSides

Security BSides is the first grass roots, DIY, open security conference in the world!. BSides is a community-driven framework for building events for and by information security community members.

SOC.OS Cyber Security

SOC.OS Cyber Security

SOC.OS is an alert correlation and triage automation tool. It correlates and prioritises your alerts, boosting productivity, enhancing threat visibility and shortening mean time to respond.

Talion

Talion

Talion aim to reduce the complexity involved in securing your organisation and to give security teams unrivalled visibility into their security operations, so they can make optimal decisions, fast.

Citadel Cyber Security

Citadel Cyber Security

Citadel is a leading 'One Stop Shop' provider of consulting services in cyber and information security. Our experts operate in hundreds of business organizations in Israel and around the world.

Cyber Chasse

Cyber Chasse

Cyber Chasse is an IT consulting and staffing company offering a full range of cybersecurity solutions, contract staffing services and online training courses.

Novacoast

Novacoast

Novacoast helps organizations find, create & implement solutions for a powerful security posture through advisory, engineering, development & managed services.

SeeMetrics

SeeMetrics

SeeMetrics is an automated cybersecurity performance management platform that integrates security data and business objectives into a simple interface.

Reach Security

Reach Security

Reach is the first generative AI platform purpose-built to empower enterprise security teams. With Reach, organizations measure, manage, and improve their enterprise security posture at scale.

SecureKloud Technologies

SecureKloud Technologies

SecureKloud is a global leader in the Cloud services arena. Our experience in cloud consulting and servicing for highly regulated industries extends more than a decade.