Cloud Security – Are You Safe?

Cloud Security – Are You Safe?

The move to the cloud continues speedily as the benefits greatly outweigh the cost and downside. Most IT professionals think this trend will continue with even more IT functions and capabilities making the move out of on-premises to cloud based solutions.

We also see continued innovation around cloud offerings from Software as a Service (SaaS) to Platform as a Service (Paas) to Infrastructure as a Service (IaaS) and more options to come. The emergence of private clouds and the converged solutions demonstrate that the benefits of moving some functions to the cloud have strong merit.

But what are the risks? Any IT system can be vulnerable to intrusions and hackers are out there looking to defeat the best defenses. These vulnerabilities do not go away with a move to the cloud and without strong planning can become even more acute.

According to the BakerHostetler “Data Security Incident Response Report” intrusions continue no matter the environment and strong planning is needed to protect data and systems. The report found that the most common incident causes were:

  • Phishing – 34% of incidents
  • Network Intrusions – 19% of incidents
  • Inadvertent Disclosure (such as employee mistakes) – 17% of incidents
  • Stolen or Lost Devices – 11% of incidents
  • Other – 19% of incidents – including a new category “misconfiguration”

Misconfiguration reflects instances where unauthorized individuals gain access to data stored in the cloud due to permissions being set to “public” instead of “private.” This new category represented 6% of the overall incidents.

The report also had some interesting findings on how companies are responding to and dealing with breaches.  The incident response life cycle and response rates were as follows:

  • Detection – 66 days from intrusion
  • Containment –  3 days from discovery to containment
  • Analysis –  36 days from engagement of forensics teams to investigation complete
  • Notification –  38 days from discovery to notification

The damage that can be done by intrusions is a significant business cost / risk that companies are forced to deal with.  Beyond the data, applications and processes that might continue to be “on-premise,” there is now planning and thought that needs to be given to the cloud.  It is absolutely critical that companies come up with “Business Continuity Plans” and work with their cloud service providers to ensure that the cloud is integral to that plan.

These plans are now as important as disaster recovery plans and overall planning looks like this:

Image_Business continuity and disaster recovery planning

Security has and always will be one of Amazon Web Service’s (AWS) most important topics. However, a web application is only secure if security is taken care of on every layer. Therefore, AWS works with a shared responsibility model, where AWS is responsible for the security "of" the cloud and the customer for the security "in" the cloud. The security "in" the cloud already starts with a design and architecture of the cloud setup and the application and leverages on frameworks such as the Virtual Private Cloud (VPC) and Identity and Access Management (IAM) of AWS.

Once live and operational it extends to updates and patches of single AWS instances up to proactive monitoring of the application. We support our clients with the security "in" the cloud as an application is only secure if "in" and "of" the cloud are both accounted for.

Image_responsibility for security

The complexity of the IT world continues to rise as more business functions find their way to the cloud and hybrid systems become the norm.  Without proper planning and solid coordination with 3rd party service suppliers, companies could be increasing their vulnerability.  Cloud security will start with strong planning and at nine we are ready to help.

SHORT:

CLOUD SECURITY – ARE YOU SAFE?

The move to the cloud continues speedily as the benefits greatly outweigh the cost and downside. Most IT professionals think this trend will continue with even more IT functions and capabilities making the move out of on-premises to cloud based solutions. The emergence of private clouds and the converged solutions demonstrate that the benefits of moving some functions to the cloud have strong merit.

But what are the risks? Common incident causes are:

  • Phishing – 34% of incidents
  • Network Intrusions – 19% of incidents
  • Inadvertent Disclosure (such as employee mistakes) – 17% of incidents
  • Stolen or Lost Devices – 11% of incidents
  • Other – 19% of incidents – including a new category “misconfiguration”

The complexity of the IT world continues to rise as more business functions find their way to the cloud and hybrid systems become the norm. Without proper planning and solid coordination with 3rd party service suppliers, companies could be increasing their vulnerability. Cloud security will start with strong planning.



Learn more about the cloud and what it means
for companies in our whitepaper "Companies in the Cloud".