How cloud computing is changing cybersecuritySeptember 9, 2019
Since the creation of the world wide web, protecting data has been an important and vital task. As more and more businesses move toward cloud computing the strategies and requirements surrounding securing data have evolved. Simple firewalls and other perimeter security devices are no longer sufficient for protecting the over 1 billion gigabytes of data stored in the cloud.
Enterprise Strategy Group (ESG), an IT analyst, research, validation, and strategy firm found that “28% of organizations claimed that they were collecting, processing, and analyzing significantly more security data than they did 2 years ago.”
This growth has led to re-thinking data processing from the start, with a strong demand for cybersecurity experts in the field of cloud computing. According to an ESG report on cybersecurity professionals, where 267 cybersecurity professionals were surveyed, cloud computing security topped the list of more acute skills shortages.
Additionally, 23% of respondents stated “new IT initiatives such as cloud computing, mobile computing, etc. have been implemented without proper cybersecurity oversight and controls” was the biggest contributor to security events in their organization in the last two years, ranking 3rdamong all concerns.
To address these gaps, cybersecurity experts need to be well-versed in cloud computing security strategies. One such example is the government program FedRAMP, which “created and manages a core set of processes to ensure effective, repeatable cloud security for the government.” While FedRAMP focuses on government agencies, the resources provided can be applied to all cloud computing security efforts.
Resources provided by FedRAMP include:
- Readiness assessments
- Security package development
- System security plans
- Plans of action and milestone tracking
- Annual assessments
While programs like FedRAMP provide resources, the relatively recent widespread adoption of cloud computing means that there remains a lack of consistency in how to address cloud security.
Alienvault (now AT&T Cybersecurity) surveyed nearly 1,000 security professionals on cloud security. Key issues identified from the survey included:
- 40 percent of security professionals reported they are not consulted before a new cloud platform is deployed
- 42 percent reported that lack of visibility into the cloud provides a significant security risk
- Approximately 20 percent are unsure how many cloud services are used within their organization.
As Alienvault summarizes, “the principles of threat detection will largely remain the same” regardless of the technology used for storing data. Just like with on-site servers, security professionals monitoring cloud-based systems need to be proactive. Identifying vulnerabilities, implementing consistent monitoring, maintaining transparency regarding IT resources, and staying informed of the latest security threats are all best practices that should be implemented. Ultimately, having knowledgeable cybersecurity staff with skills in cloud computing will benefit every business.