IT Brief New Zealand - Technology news for CIOs & IT decision-makers
New Zealand
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
internet of things
#
work from home
Search
Story image
#
Cloud Services
#
Cybersecurity
#
CIOs
Security: Cloud's biggest challenge?
Thu, 1st Dec 2011
FYI, this story is more than a year old
By Staff Writer
Follow us

Organisations are today acknowledging in an unprecedented way, the benefits of the cloud infrastructure and the potential opportunities that it can deliver.

However when considering cloud solutions, organisations need to factor in a greater focus on the importance of security technologies and the investment in security infrastructure required to keep data safe. The traditional rule of thumb of investment in data security is no longer adequate.

For the business sector this means that information security specialists more than ever need to become trusted advisors, whether on a regular or project-based engagement. The major concern around cloud hosting and cloud applications is a lack of access controls between organisations' systems and application accounts.

You no longer know who is located on the same network as you. Hackers can now sit on the same network as you and have far more direct attack techniques available to them.  These techniques bypass access controls to attack your systems. Cloud hosting is almost always implemented on virtual infrastructure, causing Virtualisation Threats to also be available to hackers.

For ISPs, hosting providers, and cloud application providers they face the challenge of having the data that they store compromised, which inevitably leads to undermining the safety of the data.

"Professional cloud storage providers will offer well documented and audited security controls,” Pure Hacking CTO Ty Miller says. "We have certainly determined that despite claims to be secure, some cloud-hosting providers are in fact vulnerable following a routine penetration test. And the rule of thumb on this is that the more cost-efficient the cloud-hosting provider, the greater the incidence of security issues,” he continued.

"The reality of these cloud environments is that you will often see multiple cloud machines hosted in the same environment as many as 20 – 30 other machines controlled by other ‘owners'. These can all be independent and the actual ‘owner' unknown. There is nothing stopping a hacker purchasing the control of one of these machines and gaining access to the DMZ of another organisation and begin a sustained attack of its corporate data.

Miller recommends that organisations don't rely on the marketing documentation of cloud hosting providers, instead he is encouraging organisation to employ industry experts, with field experience, to evaluate the security of their cloud systems to ensure that the risk associated with cloud provider compromise is minimised.

For those organisations considering cloud-hosting services they need to create a set of data security policies that can help them navigate a new global security environment, where malicious attacks are increasing. Organisations need to ask themselves if they truly understand what data they are transferring to the cloud and what the outcomes of cloud attacks are.

They need to ask:

  • Do I have a data classification policy and understand the classification of data in the cloud?
  • Do I have an up-to-date data register?
  • Does this cloud system expose my sensitive data to the outside world?
  • If my data is disclosed, what are the likely consequences?
  • What is my backup data plan and how do I manage the redundancy of stored data? 
Related stories
New report reveals stark divide in global AI progression
How to ensure your finance transformation project is an unqualified success
GitHub's 2FA initiative helps secure software supply chain
FPT & NVIDIA partner to develop AI & Cloud services hub
AI tools linked to data exposure in 1 in 5 UK organisations
Top stories
Zscaler introduces enhanced ZDX service for improved IT operations
The importance of cybersecurity training for software developers
HID acknowledged as Leader in Gartner Magic Quadrant for Indoor Location Services
Exclusive: How Darktrace is tackling AI-driven cybersecurity
Dropbox unveils new features for remote work, enhances Microsoft integration