The demand for cloud computing has skyrocketed in recent years. Lower costs, a faster time to market, increased employee productivity, scalability, and flexibility are some of the beneficial factors motivating organizations to move to the cloud. It’s not likely that organizations will slow down with their migration plans, either. According to market estimates, the global cloud computing market size is projected to grow from USD 272.0 billion in 2018 to USD 623.3 billion by 2023 at a CAGR of 18.0%. Simultaneously, the coronavirus pandemic has led to a sudden boom in the cloud industry as companies have to increasingly rely on remote working. The transition to the cloud has brought new security challenges, however. According to IDC, around 30% of surveyed companies purchased 30+ types of cloud services from 16 different vendors in 2019 alone. This makes these organizations vulnerable to cyberattacks; cybercriminals are preying upon these entities by abusing configuration errors as well as vulnerabilities within the applications, which often remained undetected by the organization due to the skill gap. Abhijit Chakravorty, cloud security competency leader at IBM Security Services, summarized the impact of the cloud this way:
The cloud holds enormous potential for business efficiency and innovation, but it can also create a 'wild west' of broader and more distributed environments for organizations to manage and secure.
Here are some of the top cloud security risks that organizations should keep in mind going forward.
Exploiting Cloud Apps
According to the recent case study by IBM X-Force IRIS, cloud-based applications are the most common path for cybercriminals for compromising cloud environments. They accounted for 45% of cloud-related cyber threats in IBM’s study.
Ransomware is one of the biggest cyber threats confronting the cloud industry. Ransomware was deployed three times more than any other type of malware in cloud environments, found IBM, followed by crypto miners and botnet malware.
Companies are increasingly storing sensitive data in the cloud. Around 21% of files uploaded to cloud-based file-sharing services contained sensitive data including intellectual property, according to IBM. As such, cybercriminals can gain access to intellectual property or other personal files in the event of security breaches involving the cloud. Data loss is one of the cloud security risks that are hard to predict and even harder to handle. Data theft was the most common threat activity observed by IBM in breached cloud environments outside of malware deployment over the last year.
Malware makes its way into the cloud environment in various ways. The most popular method is via phishing emails and by taking advantage of poorly configured storage servers. As data is constantly traveling to and from the cloud, malware has a vastly increased number of opportunities to attack not only cloud infrastructure but also client infrastructure and devices. “Based on the trends in our incident response cases, it’s likely that malware cases targeting cloud will continue to expand and evolve as cloud adoption increases,” said Charles DeBeck, IBM X-Force IRIS. “Malware developers have already begun making malware that disables common cloud security products, and designing malware that takes advantage of the scale and agility offered by the cloud,” he added.
With increasing government regulations pertaining to data protection such as GDPR and HIPAA, staying compliant is becoming more complex. Owing to the large-scale accessibility of data on the cloud environment, it can be difficult for businesses to keep track of who can access the information. Companies should always strive to remain compliant with laws and industry regulations to avoid facing hefty fines and reputational damage in the aftermath of a successful security incident.
Although cloud transition is posing new security challenges, organizations that are able to adopt a mature and streamlined governance model for the cloud can significantly enhance security agility and response capabilities. The organizations should focus on the following aspects to address security concerns in hybrid, multi-cloud environments:
- Promote collaborating governance and culture for cloud and security operations
- Develop a risk-based assessment for developing a roadmap for phasing cloud adoption
- Adopt strong access management tools and policies for access to cloud resources
- Ensure right security tools across all cloud and on-premise resources
- Implement effective security automation
What are you waiting for? Address the security risks to make cloud migration a successful story.
About Author: Anand is a senior content writer at the Veritis Group working on market research, collaterals, whitepapers, technology news &, etc. Reading books, blogging, and social media are other work-related interests among various other skill sets. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.