Organizations are adopting cloud computing in record numbers, discarding the security concerns that previously inhibited wide-scale cloud deployments. But do they also risk getting lured into a false sense of security? The answer depends on how much attention they pay to threat mitigation.

August 19, 2016

4 Min Read
Are the Big Cloud Concerns Turning into Yesterday’s News?

By Charles Cooper 1

Organizations are adopting cloud computing in record numbers, discarding the security concerns that previously inhibited wide-scale cloud deployments. But do they also risk getting lured into a false sense of security? The answer depends on how much attention they pay to threat mitigation.

Clearly, the time of hesitation is over, and most businesses nowadays view cloud adoption as a foregone conclusion that will help make their businesses more agile and innovative. In a report, Forrester Research describes cloud computing as a “hyper-growth” market and predicted the cloud services market would reach $191 billion by 2020, a 20 percent increase from a prediction it made only a few years ago.

But although IT professionals overwhelmingly see cloud platforms as more secure than on-premises systems, it’s premature to blow the all clear signal just yet.

While many of the concerns once heard about cloud security have receded, the threat environment remains dangerous. As more businesses operate out of the cloud, they also become even bigger targets for hackers, and that presents myriad challenges for CSOs and CIOs.

Unless enterprises implement proper planning and controls, their clouds are going be vulnerable to hackers searching to exploit vulnerabilities. For instance, organizations now need to grapple with security implications presented by the widespread use of mobile and the emergence of the Internet of Things, as more touch points translates into more potential points of entry into the corporate network and the company cloud.

Many cloud security breaches are connected to the poor security practices of employees or third parties who inadvertently give intruders access to the network. Once inside, attackers can then tunnel back into a company’s data center environment and steal any information that’s stored there.

Companies don’t need to be reminded that the cloud is not a panacea. But they need to be alert to the fact that attackers are going to deploy many of the same basic techniques they’ve successfully used to break into corporate networks–including social engineering and DDoS attacks–to compromise cloud implementations as well.

Companies shouldn’t assume that their clouds are secure and make sure to formulate a well-thought-out security plan ahead of time. The litany of major security breaches–resulting from attacks on all manner of business and industry–offers a reminder of what otherwise awaits: The vast amount of data stored in the cloud makes for an exceptionally appealing target, and poor security practices by employees and third parties will leave an organization at the mercy of malicious intruders.

The fact is that companies moving to the cloud for the first time need to factor in the increasing architectural complexity that’s being created and that security blowups could literally ruin a business. With data getting stored in many places, that complexity inevitably creates opportunity for hackers to exploit vulnerabilities. And, unfortunately, simple encryption isn’t going to be enough to keep the bad guys at bay.

Risk Mitigation Pays Off

The scare stories don’t need to deter companies from plowing ahead. The fact is that an ounce of prevention goes a long way toward turning most big cloud concerns into yesterday’s news, and that’s where the advice of a seasoned MSP can be quite handy, especially when figuring out what’s needed for a multi-layer defense strategy.

MSPs can also help to push for more top-level involvement–either from the CEO or another C-suite member–to elevate the importance of cyber security risk inside the organization. Every cloud implementation ought to be accompanied by a plan along with an outside assessment to vet its security performance.

Other basics should include:

  • A firewall that controls what comes in and what goes out

  • Intrusion detection technology and good monitoring tools

  • Secure private networking with appropriate filtering

  • Data usage policies across the business with clear instructions about what’s acceptable usage and what is not

  • Secure private networking to guarantee control when data is in transit

Despite the various security concerns, companies in ever larger numbers will continue to forward with cloud implementations. They have reached the point where the need to operate out of the cloud is accepted as the default business norm. They should be alright, just as long as they don’t get complacent and fail to remember that the security risks of doing business in the cloud aren’t going away.

This content is underwritten by VMware — and is editorially independent. It is produced in accordance with conventional standards of business journalism.

Charles Cooper is an award-winning freelance author who writes about business and technology. During his 30-plus year career, he has worked as an executive editor at several leading tech publications including CNET, ZDNet, PC Week and Computer Shopper.

Read more about:

AgentsMSPsVARs/SIs
Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like