Cloud Security “The fear of loss is a path to the Dark Side” !

“The Debate about Cloud is Over – it is now unquestioned reality” said Kyrill Tatarinov CEO and president of Citrix Systems in his opening speech in Synergy event on Citrix plan for embracing cloud technologies (Greiner, 2016).

Yet the debate is far from over amongst top IT professionals and vendors in the market. It’s imperative that we understand the foundation of this debate as it effects our daily lives, you might not realize it but we all use the public cloud one way or the other.

Gmail, Facebook, Twitter, WhatsApp, LinkedIn, and any type of online service is to the consumer a public cloud service. You might not understand or realize this concept never the less the internet by itself from an end user perspective is a public cloud. Anything and everything that you type, store, share, and/or interact with online is stored somewhere outside your reach, that is what makes it public and ultimately makes me, you, and everyone part of the security debate on whether public cloud services are actually secure.

To businesses looking to host full IT environments on the cloud, it is more obvious, not only personal email and search interests are being stored online in a remote datacenter somewhere but rather critical data and information that constitutes the full operation of the business itself given that we live in an era where IT drives business not the way around which makes risk all that much higher.

Top security threats identified for public cloud computing are (Cloud Security Alliance, 2010):

  • Data Breaches: Cloud companies have vast amount of data thus are attractive targets for hackers.
  • Privacy: How can data residing in foreign datacenters be protected from manipulation, stealing, and/or disclosure.
  • Account Hijacking: If cloud administrator account is hijacked then control over the whole infrastructure is granted.
  • Hacked API: Cloud hosted services share similar application APIs thus if compromised can affect many services.

Other security threats exist most of which are shared also by on premise traditional IT environments and that applies to the points listed above never the less those mentioned are more relevant with public cloud computing due to the fact that data is outside of one`s direct control (Rashid, 2016).

Cloud computing has definitely evolved significantly in the past couple of years to the extent that in 2016 research show that security is no more the top cloud challenge but rather lack of resources and expertise (Weins, 2016).

Not to respond to the for mentioned security risks one by one, simply take into consideration the major companies hacked in 2016 to conclude why public cloud security debate is actually over.

June 2016 U.S. NSA (National Security Agency) was hacked and private data was put on sale for 1 million dollars by a group of hackers called “Shadow Brokers” (Biggs, 2016). February 2016 U.S. Department of Justice was hacked with more than 10,000 employee records released to the public. May 2015 U.S. Internal Revenue Service was hacked with 100,000 tax payers` personal information compromised. February 2016 UC Berkeley financial data of more than 80,000 students was hacked. October 2016 many well-known websites where takes down by an DDOS attack on DYN DNS provider resulting in millions of dollars of loss (IdentityForce, 2016).

Case and point, all of the for mentioned hacked entities had private Datacenters with the highest forms of on premise security given they are high profile government entities never the less they were hacked and compromised. For most SMB and enterprises that most surely do not have the same budget as NSA for protecting their IT networks, the public cloud is actually a security blessing!

Public cloud providers invest millions of dollars on security and have the budget for it. They abide by strict SLA`s and have their reputation on the line. They have top of the line protection on multi-layer bases that private entities can never have due to actual cost and complexity.

Yes, the risk will always be there but the point is cloud computing is actually a safer bet. It is well known in the security industry that security is only an illusion, you will get hacked eventually, it’s only a matter of when you can find out and what can you do about it so lay off a bit of risk off your shoulders yet be due diligent.

Public cloud computing is the way to go. Hybrid computing models are more elastic, agile, and “secure” if by security you mean having the data under your physical control never the less it is a fact that public cloud vendors have more secure IT components.

Palo Alto Networks CEO put it clearly “Are cloud services new? Yes. Are we less experienced with this model as a community? Yes. Should we run away from it because it is new and because we don’t have lots of experience? Absolutely not.

That ship has sailed. If you are not in these virtual spaces now, you will be in five years. Why are you fighting it?” (Howard, 2016).

References

Biggs, J., 2016. Everything you need to know about the NSA hack (but were afraid to Google). [Online]
Available at: https://techcrunch.com/2016/08/16/everything-you-need-to-know-about-the-nsa-hack-but-were-afraid-to-google/
[Accessed 12 Feb 2017].

Cloud Security Alliance, 2010. Top Threats to Cloud Computing V1.0. Cloud Security Alliance, pp. 1-5.

Greiner, L., 2016. ‘We are back’: Citrix Systems CEO offers glimpse of company’s future at Synergy conference in Vegas. [Online]
Available at: http://business.financialpost.com/fp-tech-desk/cio/we-are-back-citrix-systems-ceo-offers-glimpse-of-companys-future-at-synergy-conference-in-vegas
[Accessed 13 Feb 2017].

Howard, R., 2016. Debate: Threats to cloud security are overhyped.. [Online]
Available at: https://www.scmagazine.com/debate-threats-to-cloud-security-are-overhyped/article/530369/
[Accessed 12 Feb 2017].

IdentityForce, 2016. The Biggest Data Breaches in 2016, So Far. [Online]
Available at: https://www.identityforce.com/blog/2016-data-breaches
[Accessed 02 Feb 2017].

Rashid, F. Y., 2016. The dirty dozen: 12 cloud security threats. [Online]
Available at: http://www.infoworld.com/article/3041078/security/the-dirty-dozen-12-cloud-security-threats.html
[Accessed 12 Feb 2017].

Weins, K., 2016. Cloud Computing Trends: 2016 State of the Cloud Survey. [Online]
Available at: http://www.rightscale.com/blog/cloud-industry-insights/cloud-computing-trends-2016-state-cloud-survey
[Accessed 13 Feb 2017].