Overcoming Public Cloud Security Pitfalls
It’s no secret that public cloud use is increasing in the majority of businesses. Worldwide public cloud spending is projected to grow at a CAGR of more than 22% over the next five years, reaching $500 billion USD, according to IDC. Because the public cloud offers on-demand and highly scalable compute power, storage and application access, it can enable faster innovation and growth, while also providing greater flexibility.
With that agility, however, comes new risks and vulnerabilities–both internal and external–that IT solution providers will need to be prepared to address.
While the external threats are the ones most executives worry about when they launch cloud initiatives, it’s the internal threats that pose a more significant risk. Public cloud providers are vulnerable to cyber attacks, but Gartner reports that 80% of cloud breaches over the next year will result from misconfiguration, mismanaged credentials and insider threats. A 2018 report from IBM X-Force found that 70% of the 2.9 billion records compromised in 2017 were the result of misconfiguration problems, which grew 424% over the previous year.
Misunderstanding Cloud Security
Most of these breaches are preventable, but many companies don’t understand how shared security responsibilities work in public cloud environments. According to a Barracuda Networks poll of several hundred EMEA IT leaders, most respondents believe that their public Infrastructure-as-a-Service (IaaS) provider was responsible for securing customer data in the public cloud (64% of respondents), securing applications (61%) and operating systems (60%). In reality, these security functions are the responsibility of the customer, not the cloud provider.
Further, an increasing number of companies are using cloud platforms from multiple providers, making it even more challenging to ensure compliance with security policies. And, internal IT or security staff often don’t have the resources to stay on top of these issues.
That means more vulnerabilities and, potentially, costly security breaches. Companies that want to leverage the public cloud to accelerate their business initiatives need to educate themselves about their responsibilities around security and invest in the right tools and technology to protect their employees, customers, and data.
Securing the Public Cloud
How can companies ensure that they are securing their public cloud initiatives? Step one is education: All key stakeholders should know what their responsibilities are when it comes to security in the cloud. There should be complete transparency when contracting with cloud providers about which entity is handling which element of the security ecosystem, and a plan should be put in place to ensure that all policies and compliance issues are covered.
Speaking of policies, those security rules and expectations should be revisited to make sure they address all potential vulnerabilities, both internal and external. Tools should be used to monitor and enforce them, as well. An example of this includes automation tools to help address policy violations (like misconfigurations) and streamline IT operations without degrading compliance. You should also consider using tools for file integrity monitoring, application control, virtual patching, spam and malware protection, as well as other comprehensive security controls.
Security concerns often hamper cloud initiatives. While those fears aren’t unfounded, most companies don’t understand that the biggest threats come from within. The good news is that, with a little education, they can learn that they have significant control over securing their cloud investments–with help from their trusted IT solution provider, of course.
Brian Babineau is Senior Vice President and General Manager for Barracuda MSP. In this role, he is responsible for the company’s managed services business, a dedicated team focused on enabling partners to easily deliver affordable IT solutions to customers.
This guest blog is part of a Channel Futures sponsorship.