Small business owners and IT executives and security personnel must address the key security challenges.
External cloud solutions can be more secure than internal ones or one's current data center environment, but that is not a given or guarantee. One cannot leave security solely up to the cloud service provider (CSP) – it has to be a joint effort. Furthermore, security accountability always remains with the user entity, regardless of the firm(s) responsible for providing the platforms. Small business owners and IT executives, auditors, and security personnel must address the key security challenges and validate that the company is protected and risks are mitigated as best as possible.
The "Death by Cloud" blogs outlined several key challenges to companies small and large seeking to exploit cloud computing successfully. Herein are some top cloud security challenges and recommendations for how to cope with them.
Small Business Cloud Security Perils
In March 2016, the Cloud Security Alliance released a list of what it called the "Treacherous 12," the top 12 security threats to cloud computing facing organizations in 2016.
Here are those threats, as reported by CIO.com:
- Data breaches
- Compromised credentials and broken authentication
- Hacked application programming interfaces (APIs) and other interfaces
- Exploited system vulnerabilities
- Hijacked legitimate accounts
- Malicious insiders
- Advanced persistent threats (APTs)
- Permanent data loss
- Inadequate diligence
- Cloud service abuses
- Denial of service (DoS) attacks
- Vulnerabilities of cloud service providers’ shared infrastructures and resources
In July 2015, Intel Security (formerly McAfee) commissioned a survey of 1,200 IT decision-makers with responsibility for cloud security. Respondents were asked about the issues their organizations had faced with cloud service providers.
Figure 1 below summarizes their responses.
Securing the Cloud
In the "Death by Cloud" blogs to plan and prepare for cloud-instigated changes and challenges, I recommended that IT and development managers focus on four areas: automation, orchestration, standardization, and culture and process change. Small business owners and enterprise IT decision-makers alike would do well to adopt a set of focal points similar to those mentioned above where security is concerned.
Here are the four focal points:
Can ease, speed, and improve the execution of frequently repeated, mundane, necessary tasks, ranging from deployment of operating system and application patches to rollouts of new software.
Can help to ensure that effective security policies and practices are implemented and executed consistently across the entire IT infrastructure, on-premise and in the cloud.
Of hardware and software configurations can make it easier to automate and orchestrate security efforts, and to identify and mitigate threats.
Next- Focal point #4 and In Depth Takeaway
About the author
Mr. Braunstein serves as Chairman/CEO and Executive Director of Research at the Robert Frances Group (RFG). In addition to his corporate role, he helps his clients wrestle with a range of business, management, regulatory, and technology issues.
He has deep and broad experience in business strategy management, business process management, enterprise systems architecture, financing, mission-critical systems, project and portfolio management, procurement, risk management, sustainability, and vendor management. Cal also chaired a Business Operational Risk Council whose membership consisted of a number of top global financial institutions.