The origins of cloud computing can be traced back as far as the 1960s. The term itself dates to around 1996, and it was around 2006 that tech giants like Google and Amazon started talking about this as a big part of the shifting computer storage paradigms for users.
But it’s really only in the last decade when the cloud transitioned into more than a buzzword used by a few in-the-know technologists, and started becoming a mainstream term that’s fundamentally changed both the business and personal landscape — and introduced the pressing need for cloud security along the way.
The Basics of Cloud Computing
Cloud computing is an on-demand approach to computer system resources, whether that’s storing information, accessing massive amounts of computational processing power, or running software remotely. There are plenty of advantages to cloud computing, but one of the big ones is that it lets users tap into the resources they need from wherever they are, without having to worry about maintaining the physical hardware and infrastructure to allow it to work.
Most organizations have been using the cloud, to a greater or lesser extent, for a few years now. But the COVID-19 pandemic highlighted just how important it is. Suddenly, cloud computing shifted from a “nice to have” to a “must-have,” as employees worked from home, but still required access to the tools and systems they would have in a physical office.
According to a report by market research firm Gartner, end-user spending worldwide on public cloud services is expected to grow more than 18% in 2021, reaching a new high of $304.9 billion. That’s a big increase from the still considerable $257.5 billion it hit in 2020. Even when the pandemic is over, it seems the cloud will be a big part of the “new normal.”
The Security Problem
Unfortunately, there’s a problem. Put in its most basic terms: cloud security lags way behind cloud adoption. The same reasons the cloud is great (it lets you access it from anywhere, someone else is responsible for sorting out the infrastructure and other problems) also turns out to be its weakness. This can lead to data breaches, which may prove extremely damaging to businesses.
There are multiple security challenges businesses can face when it comes to the cloud. Misconfigurations are a big one. Cloud misconfigurations may be the result of outdated security models or inexperience on the part of users. A misconfiguration means failing to properly implement the security controls for a particular web application or server, such as leaving administration ports open for an application or featuring unsecured APIs that could expose a particular application to a remote attack. Misconfigurations are a visibility problem. Businesses may be unaware of certain blind spots or gaps they face in terms of security, thereby opening them up to possible threats.
Unauthorized access is also a notable challenge. A cloud-based system is accessible from the public internet. This is, as mentioned, one of the big selling points of cloud computing. However, if you or your employees are able to gain access to a system, so too could a potential attacker. Weakly protected accounts may be hijacked, or attackers might utilize phishing attacks that ask targets to confirm their login details for a particular system while posing as a legitimate source. Once an attacker has gained access to a system, they can then cause damage from the inside.
The Risk of Cyberattacks
Any business that uses cloud-based systems is fearful of cyberattacks taking place. One of the most common types of attack is a Denial of Service (DoS) or Distributed Denial of Service attacks. These work by bombarding a web server or other critical system with massive amounts of traffic, overwhelming them, and leaving them unable to respond to legitimate requests.
Some new types of DDoS attacks are based on the attacker hijacking virtualization management systems, overloading visualization resources, such as hypervisors, or negatively impacting the migration and backup systems so as to make unnecessary copies of production systems. The effects can be devastating.
Some big businesses and organizations have been victims of attacks based on their cloud infrastructure. For example, an attack on Capital One, the tenth-largest bank in the United States in terms of assets, resulted in its Amazon Web Services (AWS) cloud infrastructure being compromised — with 700 folders and data packaged which contained confidential customer information being copied to an external location. The cause of this was an incorrectly configured web application firewall (WAF). This kind of attack is by no means an isolated incident.
Take Steps to Protect Yourself
Businesses wanting to secure their cloud infrastructure (which should be all of them!) must take proactive steps to do so. Keeping systems up to date, practicing good data hygiene so that you know exactly which data assets you own, auditing and optimizing configurations, and carrying out regular backups are all vitally important.
It’s also well worth considering bringing in cybersecurity experts to help with the proper security solutions. These work by stopping web applications and API attacks that can result in data theft, halting DDoS attacks without stopping legitimate users, and tracking access to data and applications to provide split-second responses where needed. Such experts can also ensure the business’ compliance with data regulations through the use of tools like application security (RASP), data security (DAM), and network edge security (WAF) tools.
The advantages of cloud computing are enormous. But the risks are real. By being aware of them, and taking the right steps to mitigate them, businesses will be in a much stronger situation. This is an essential move in 2021 — and beyond.