The Risks & Benefits Of Cloud Security

Uploaded on 2020-09-07 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Cloud computing  has become a widely used term part of  daily conversations, usually  about moving photos and other data into the cloud. Indeed, Cloud computing is now over 30 years old but is still considered a new technology for many organisations and involves relying on  a cloud service provider (CSP), to store and process your vital data, which requires trust and a willingness to give up control.

Cloud users can reduce costs and increase efficiencies through storage and management of large amounts of data and systems and with the cloud they are apparently cheaper to maintain and they are secure. 

Given the growing rush by organisations to move to the cloud, it’s no surprise that some policymakers are calling for regulation of this disruptive technology. 

A Report published by the Carnegie Endowment aims to give lawmakers and regulators a basic understanding of what’s happening in the cloud arena, with a particular focus on the security of these vast reservoirs of information. Cloud Security: A Primer for Policymakers argues that the “debate about cloud security remains vague and the public policy implications [are] poorly understood.”

From a public policy perspective, “the image of a cloud obscures as much as it explains,” the report states. “A more nuanced picture emerges when the cloud is considered in terms of its layers, from the physical data centers and network cabling that form its foundation to the virtual software environments and applications that everyday users interact with.”

However, as the paper says, cloud services ares concentrated in the hands of a few providers including AWS, Microsoft Azure, and Google Cloud, so-called “hyper scale” cloud service providers, with firms like Alibaba Cloud and Tencent playing a similar role in China. “The rising cost of cyber-attacks means that most companies can’t effectively defend themselves, leaving organisations “better off entrusting their security to these external firms’ security teams.” However, that solution raises a new problem which is “the systemic risk associated with a centralised approach.”

The Report says there are two key policy concerns that have to be balanced.

  • The first one is the current and known problem of cyber insecurity," Maurer says. "Most organisations still struggle to effectively protect themselves against hackers.”
  • The second concern is the systemic risk cloud providers pose, namely that allowing so much data to be stored in the hands of giants could invite rare but catastrophic events.

The report quotes a study carried out by insurance market Lloyds of London that estimates a three to six-day outage of a major cloud service provider could cause economic losses. Moreover, cloud services could become an excellent target for attackers because of the amount of commercial data they contain.

Looking ahead, cloud security would benefit from a collaborative approach among the giant providers,given that the breakneck competition among them stands in the way of protecting against threats that affect all of them. 

Although some critics of a collaborative cloud security initiative might raise antitrust concerns, there are models of similar approaches in other industries, including finance and aviation. “If you look at other highly competitive industries like the financial industry, like the aviation industry, they have all formed specific industry consortia that are designed to help address security because they recognise the risks in the entire industry and not just individual companies.” notes the Report.

“It will be much more important in the future for the major cloud service providers to come together to share and compare notes…and to also potentially share data about threat actors that may be targeting them...That is likely to pay off more in the future than a regulatory framework would, which is down the road.”

Due diligence requires that cloud consumers fully understand the security implications of deploying or moving applications and systems to a CSP. Consumers must understand how CSP services should be used to support business activities while protecting information.

Carnegie Endowment:      CSO Online:     Carnegie Mellon University:     ARN.net:

You Might Also Read: 
 
Six Reasons To Move Your SIEM To The Cloud:

 

« New Zealand's NZX Stock Market Hit Five Times
Cyber Attacks On Norway’s Parliament »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Cyberis

Cyberis

Cyberis are pioneers in customer-focussed information security. Since 2011, we’ve been helping businesses protect their brands, customers and reputation.

Privacy Professor

Privacy Professor

Privacy Professor provides information privacy, security and compliance services, tools and products to organizations in a wide range of industries.

Global Secure Solutions (GSS)

Global Secure Solutions (GSS)

Global Secure Solutions is an IT security and risk consulting firm and authorised ISO training partner for the PECB.

Early Warning Services

Early Warning Services

Early Warning is committed to providing awareness, education, and enablement around fraud prevention.

Riscure

Riscure

Riscure is a global test lab and tools leader for device security. Core expertise in side channel analysis, fault injection and embedded device software.

Eureka Technology Partners

Eureka Technology Partners

Eureka Technology Partners are committed to helping you focus on your business by taking care of your IT infrastructure and data security needs.

Cyvatar

Cyvatar

Cyvatar is a technology-enabled cyber security as a service (CSaaS) provider delivering smarter managed security to help you achieve compliance and security faster and more efficiently.

Prima Cyber Solutions (PCS)

Prima Cyber Solutions (PCS)

Prima Cyber Solutions is focused on protecting your business from the massive and devastating impacts that cyber-attacks may cause.

Enginsight

Enginsight

Enginsight provides a comprehensive solution for monitoring and securing your servers and clients.

Mode Solutions

Mode Solutions

Mode guarantee IT performance where you need it most, creating seamless and secure solutions that will alleviate pressure from your business.

Balance Theory

Balance Theory

Balance Theory provides the knowledge infrastructure and collaboration center for the cybersecurity community. A networked community to build better cybersecurity outcomes.

Akto

Akto

Akto, the plug & play API security platform. Discover your APIs, run tests and find business logic vulnerabilities at ludicrous speed.

BTQ Technologies

BTQ Technologies

BTQ is a global quantum technology company focused on securing mission critical networks.

TrustNet

TrustNet

TrustNet helps mid-to-large firms build trust through top-tier cybersecurity, compliance, and consulting—offering complete managed services all in one place.

ZehnTek

ZehnTek

ZehnTek is a premier technology solutions provider, committed to offering comprehensive IT services tailored to meet the diverse needs of businesses.

Pacific Northwest National Laboratory (PNNL)

Pacific Northwest National Laboratory (PNNL)

PNNL draws on its distinguishing strengths in chemistry, Earth sciences, biology, and data science to advance scientific knowledge and address challenges in energy resiliency and national security.