Cloud Computing Means Big Opportunities – And Big Threats


Image: Getty Images/Maskot

Applications and infrastructure shift to cloud computing services may make life easier in some ways, it doesn’t automatically mean you can relinquish all responsibility for protecting your organization’s data.

Cloud computing continues to grow at a fantastic pace, even though it has been around for quite some time; tech analyst Gartner’s latest data shows that infrastructure as a service market grew by more than 40% last year, noting that “cloud-native the primary architecture for modern workloads

Then it may come as no surprise that cloud security is the fastest growing segment of the security marketwith spending rising from $595 million in the US in 2020 to $841 million last year, largely because companies are discovering it’s a more complicated topic than they realized.

Most companies use multiple cloud services and cloud providers, a hybrid approach that can support granular security options where vital data is kept close by (perhaps in a private cloud) while less sensitive applications run in a public cloud to take advantage of the economies of scale of large technology.

But the hybrid model also introduces new complications, as each provider will have a slightly different set of security models that cloud customers must understand and manage.

That takes time and (often elusive) expertise in systems from multiple cloud vendors. And it is also a dynamic environment; applications and data are often switched between on- and off-premise and between cloud services, all of which are opportunities for errors and data leaks.

All this can expand the threat of the enterprise, while making it more difficult for organizations to ensure their assets are safe. As a result, misconfigured services are high on the list of root causes for security incidents — along with even more basic errors like bad passwords and identity checks.


According to a recent survey, half of companies had experienced some form of cloud security breach in the past 12 months, while according to the study by Thales.

No wonder companies are evaluating tools to automate much of this.

This leads to interest in new technologies such as: Cloud Security Posture Management (CSPM) tools, which can help security teams identify and resolve potential cloud misconfiguration and compliance vulnerabilities, so they know the same rules are enforced across their cloud services.

Another area of ​​growth was: Cloud Access Security Brokers (CASBs), which also aim to ensure that a company’s security policies are enforced across its portfolio of services. Other security technologies that cloud users are interested in, according to industry research, include: zero trust and artificial intelligenceand machine learning. However, many technologies that hold the promise to improve cloud security are still in their early stages.

This is not to say that the cloud is inherently less secure. Because cloud vendors have the scale to invest in skills and capabilities that are beyond the reach of most customers, cloud services and applications are likely to be more secure than those hosted by companies for whom technology is far from their core competency.

But in addition to looking at technical innovations, it’s also worth examining the service levels and understanding of cloud service providers in the first place. The UK’s National Cyber ​​Security Center (NCSC) has a good set of general principles for cloud computing security that’s worth considering, which can help you assess a vendor’s security posture. There are a total of 14 principles, including:

  • Your data must be protected from sabotage and eavesdropping as it transmits networks inside and outside the cloud.
  • A malicious or compromised customer of the service must not access or influence the service or data of another.
  • The service must be securely operated and managed to impede, detect or prevent attacks, using vulnerability management, protective monitoring, configuration and change management.
  • If service provider personnel have access to your data and systems, you must have a high degree of confidence in their reliability and the technical measures in place to monitor and limit the actions of those personnel.
  • Cloud services should be designed, developed and deployed to minimize and mitigate threats to their security, including a robust software development lifecycle
  • All external or less trusted interfaces to the service must be properly identified and defended, including external APIs, web consoles, and command-line interfaces.
  • You must be able to identify security incidents and have the information necessary to understand how and when they occurred. The service must provide you with audit information and provide security alerts when attempted attacks are detected.

Developing the right security posture is difficult: some companies worry about sophisticated hacking groups, others struggle to prevent staff from using ‘1234’ as a password. Covering the basics of security, understanding where the market is headed, and asking cloud providers tough questions about their own security is a good path to follow.

Leave a Comment

Your email address will not be published.