The list of high-profile security breach victims reads like a Who’s Who of famous companies: Target, Home Depot, J.P. Morgan, American Airlines, Hilton Hotels, Sony, Neiman Marcus, Staples, Time Warner Cable and Ashley Madison. And let’s not forget the government agencies (names look like alphabet soup) that also got hacked: IRS, OPM, NOAA. And all of this has happened in just the last couple of years.
Hackers have had a field day breaking into networks and stealing private information, almost at will. In fact, a study by insurance giant “Munich RE” last spring found that 70% of businesses had experienced at least one hacking incident in the previous year.
These attacks have coincided with soaring adoption of cloud computing. In a rare justification of the hyperbolic term “Revolution”, the cloud is altering the way nearly every organization approaches IT. Thus, it’s easy to assume that hackers are increasingly targeting the cloud infrastructure.
Attacks have turned up the heat on a simmering debate over whether data stored in the cloud is less secure than keeping it “on premise” – behind a firewall in a company data center. In fact, survey after survey shows security is the single biggest factor hindering faster adoption of cloud computing.
(Note: Cloud Security Issues were impressed on the RSA Conference 2012)
So does the pubic cloud have a security problem? Of course it does. Begs the question; How long has it had this problem…? “Cloud attacks are going up simply because that is where the money is,” Kevin Curran, senior member of IEEE, told the tech news outlet Computing.
But there’s a deeper problem. I’m seeing some situations in the industry right now where speed is taking precedence over security as organizations push applications and data to the cloud. They are moving this data to the cloud so fast that they’re not always sufficiently sweating all the security details.
It’s important to remember that threats to a company’s cloud don’t come just from the outside; they also can be vulnerable to insiders. Disgruntled employees gaining access to confidential data has always been a potential problem for companies, but the cloud makes it worse because it’s easier to destroy the entire cloud environment, and quickly, rather than one isolated part of the network. The same goes for unintentional errors caused by network administrators, say the misconfiguration of a firewall.
Fortunately, new technologies, practices and initiatives are coming along to help double down on cloud security. A practice known as micro-segmentation is getting increased attention in many organizations. This helps segment the network limits from an intruder and contain a breach before it harms the entire network.
Another more proactive approach is using software (such as Open vSwitch) to enforce security using policies. This allows every virtual machine in the network to have its own security – managed at the VM level, rather than at network level. This means an application can have its own individual security level – something impossible from a traditional network security perspective.
In addition, the OpenStack has a project, Neutron, working on a better cloud security management.
Obviously, the important point is that no cloud strategy is complete without rock-solid security execution. Organizations may be moving quickly to the cloud, but skimping on security as they do so can be (has been) a terrible and costly mistake.
Read Article (Pino di Candia | huffingtonpost.com | 01/21/2016)
The question is: Are you still comfortable with your personal data in the cloud? But it is nice to know, though for many after the fact, that a solution is in the works.
Technology is advancing at an exponential rate, inevitably the day will come when even millennials will be unfamiliar with the latest technology.
Master Level High-Tech Webinars