The Risks & Benefits Of Cloud Security

Uploaded on 2020-09-07 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Cloud computing  has become a widely used term part of  daily conversations, usually  about moving photos and other data into the cloud. Indeed, Cloud computing is now over 30 years old but is still considered a new technology for many organisations and involves relying on  a cloud service provider (CSP), to store and process your vital data, which requires trust and a willingness to give up control.

Cloud users can reduce costs and increase efficiencies through storage and management of large amounts of data and systems and with the cloud they are apparently cheaper to maintain and they are secure. 

Given the growing rush by organisations to move to the cloud, it’s no surprise that some policymakers are calling for regulation of this disruptive technology. 

A Report published by the Carnegie Endowment aims to give lawmakers and regulators a basic understanding of what’s happening in the cloud arena, with a particular focus on the security of these vast reservoirs of information. Cloud Security: A Primer for Policymakers argues that the “debate about cloud security remains vague and the public policy implications [are] poorly understood.”

From a public policy perspective, “the image of a cloud obscures as much as it explains,” the report states. “A more nuanced picture emerges when the cloud is considered in terms of its layers, from the physical data centers and network cabling that form its foundation to the virtual software environments and applications that everyday users interact with.”

However, as the paper says, cloud services ares concentrated in the hands of a few providers including AWS, Microsoft Azure, and Google Cloud, so-called “hyper scale” cloud service providers, with firms like Alibaba Cloud and Tencent playing a similar role in China. “The rising cost of cyber-attacks means that most companies can’t effectively defend themselves, leaving organisations “better off entrusting their security to these external firms’ security teams.” However, that solution raises a new problem which is “the systemic risk associated with a centralised approach.”

The Report says there are two key policy concerns that have to be balanced.

  • The first one is the current and known problem of cyber insecurity," Maurer says. "Most organisations still struggle to effectively protect themselves against hackers.”
  • The second concern is the systemic risk cloud providers pose, namely that allowing so much data to be stored in the hands of giants could invite rare but catastrophic events.

The report quotes a study carried out by insurance market Lloyds of London that estimates a three to six-day outage of a major cloud service provider could cause economic losses. Moreover, cloud services could become an excellent target for attackers because of the amount of commercial data they contain.

Looking ahead, cloud security would benefit from a collaborative approach among the giant providers,given that the breakneck competition among them stands in the way of protecting against threats that affect all of them. 

Although some critics of a collaborative cloud security initiative might raise antitrust concerns, there are models of similar approaches in other industries, including finance and aviation. “If you look at other highly competitive industries like the financial industry, like the aviation industry, they have all formed specific industry consortia that are designed to help address security because they recognise the risks in the entire industry and not just individual companies.” notes the Report.

“It will be much more important in the future for the major cloud service providers to come together to share and compare notes…and to also potentially share data about threat actors that may be targeting them...That is likely to pay off more in the future than a regulatory framework would, which is down the road.”

Due diligence requires that cloud consumers fully understand the security implications of deploying or moving applications and systems to a CSP. Consumers must understand how CSP services should be used to support business activities while protecting information.

Carnegie Endowment:      CSO Online:     Carnegie Mellon University:     ARN.net:

You Might Also Read: 
 
Six Reasons To Move Your SIEM To The Cloud:

 

« New Zealand's NZX Stock Market Hit Five Times
Cyber Attacks On Norway’s Parliament »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Cyber Indemnity Solutions (CIS)

Cyber Indemnity Solutions (CIS)

CIS is an InsurTech company focused on licensing innovative cyber risk insurance solutions to the global insurance industry.

EG-CERT

EG-CERT

EG-CERT is the national Computer Emergency Response Team for Egypt.

Fraunhofer Institute for Secure Information Technology (SIT)

Fraunhofer Institute for Secure Information Technology (SIT)

Fraunhofer SIT is a research centre specialising in all areas of IT security.

LMG Security

LMG Security

LMG Security is a cybersecurity consulting, research and training firm.

Evanston Technology Partners (ETP)

Evanston Technology Partners (ETP)

ETP provides services and solutions to enable and transform businesses in the areas of cybersecurity, data protection, and efficient operations practices.

Privacyware

Privacyware

Privacyware's ThreatSentry combines a state-of-the-art Web Application Firewall and port-level firewall with advanced behavioral filtering to block unwanted IIS traffic and web application threats.

ThreatReady Resources

ThreatReady Resources

ThreatReady reduces an organization’s risk by delivering cyber security awareness training based on the latest, state-of-the-art learning science to effectively drive long-term cyber-safe behavior.

Illuma Labs

Illuma Labs

Illuma Labs delivers real-time voice authentication and fraud prevention solutions.

SecureTech360

SecureTech360

SecureTech360 is a cybersecurity and IT consulting firm whose principals have extensive experience in Cybersecurity and Information Technology.

Cyber Security Services

Cyber Security Services

Cyber Security Services is a cyber security consulting firm and security operations center (SOC).

Orpheus Cyber

Orpheus Cyber

Orpheus Cyber provides predictive and actionable intelligence to our clients - enabling them to anticipate, prepare for and respond to the cyber threats they face.

TrafficGuard

TrafficGuard

TrafficGuard is an award-winning digital ad verification and fraud prevention platform.

Yarix

Yarix

Yarix is the leading company in Var Group’s Digital Security division and one of the most recognised, innovative and authoritative Italian companies in the IT security sector.

CyAmast

CyAmast

CyAmast is an IoT Network security and analytics company that is changing the way enterprise and governments detect and protect networks from the pervasive threat of cyber attacks.

Razilio

Razilio

Razilio is a boutique cybersecurity consultancy located in Sydney, Australia and serving the world.

RESTIV Technology

RESTIV Technology

RESTIV Compliance Copilot is your partner in continuous compliance. Real-time monitoring, continuous testing, and transparent evidence—no surprises, just peace of mind.