Categories: CloudCloud Management

How Cyber Security Needs Are Driving Cloud Adoption

Cloud computing was by all accounts inevitable – we can see its steady adoption all around us.

According to Goldman Sachs spending on cloud computing infrastructure and platforms will grow at a 30 perecnt CAGR from 2013 to 2018, compared with overall enterprise IT’s five percent. It forecasts global security-as-a-service revenue will reach $106bn in 2016, growing 21 percent over 2015.

Disruption to business

Earlier this year CEO of British insurance company, Lloyd’s said that cyber-attacks cost businesses as much as $400bn a year, including the damage caused by the attack and consequent disruption to the normal course of business.

CIOs and their Infrastructure Management teams have historically been concerned about security in the cloud. Lack of trust, relative lack of control, fear of not knowing where the data resides, and complex regulations in different countries have only made this more difficult.

With the recent explosion of cyber-attacks, many have rightly noticed that their cloud environments were not breached during the attack. In fact, the attributes of cloud computing including Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) are aligned with best practices in cyber security.

There are three recent cyber security trends that make cloud computing more relevant:
1. Network Segmentation and Lateral Movement
2. Data Protection
3. Intelligence Talent

Loading ...

The cyber-attacks that are putting major corporations such as Sony Pictures and JP Morgan in the news are advanced persistent threats with a motive to steal valuable data, cause major disruption and damage systems. In these cyber-attacks, the hackers patiently seek access to corporate systems then move laterally within the corporate network.

As a result, companies are segmenting their internal networks to make it difficult to move laterally. This is much more complex than it seems since major systems need to communicate with each other.

Cloud solutions, particularly SaaS, have solved this problem by creating a set of secure web services to isolate these communications. Cloud solutions are isolated across the Wide Area Network (WAN) and therefore are secured with their own firewall, intrusion prevention and monitoring.

Data protection

Since data theft or destruction of data are the common targets of hackers, the innovations in cloud computing uniquely provide data protection, both at rest and in transit.

First, physical access of data is completely obscured. With major cloud providers, there is no way to point to a physical server where the data is stored. Data is stored across multiple devices using advanced algorithms that provide scalability and protection.

Second, solutions are available to encrypt this data at rest using a key unknown to the cloud provider. One of the best practices for cyber security is to segment data so any breach is isolated to a segment of the information that may be useless without the entire set. These encryption solutions were setup to provide regulatory protection in the cloud but obviously provide an important piece of the data security.

Finally, since cloud systems are external, data in transit is typically encrypted, managed across a VPN or most recently, offered as direct connection by major telecom companies. Many internal systems assume that the network is secure and therefore do not protect data in transit inside the network. Although it is not difficult to accomplish, technically, it was not considered necessary. This mindset is changing.

Cyber security is of major importance to cloud computing companies. One major breach and their business model is at risk. For this reason, most major cloud computing companies are hiring top talent from intelligence organizations like the NSA, CIA or FBI.

Today, there is a talent gap in Cyber Security. International Information System Security Certification Consortium Inc. (ISC)2, a global provider of education and certification services for information security professionals, predicts that the global security hiring shortfall will reach 1.5 million in five years (cioinsight.com post). This makes it nearly impossible for major corporations (with the possible exception of large financial institutions) to attract the experienced talent required to protect against the advanced persistent threat.

These insights are based on conversations with CIOs and CISOs of some of the major companies breached in the last three years. Many have noticed that their cloud systems were not impacted during the breach. Strangely enough, where security was the first objection cited when considering cloud computing, it may now be the primary reason why many consider cloud computing.

How much do you know about data breaches? Take our quiz!

Duncan Macrae

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.

View Comments

  • I do like this concept, but is this still a valid argument?

    A lot of research seems to show that this is not recognised or accepted.

    Any other thoughts?

Recent Posts

Baltic Sea Power Cable Severed In Latest Incident

Undersea internet and power cable in Baltic sea between Finland and Estonia suffers outage. Finland…

39 mins ago

US Begins Investigation Into Legacy Chinese Chips

The Biden Administration has launched a last-minute investigation into older Chinese-made legacy semiconductors - weeks…

4 hours ago

Iran Lifts Ban On WhatsApp, Google Play

State media reports the Iranian regime has lifted the ban on WhatsApp and Google Play,…

4 hours ago

Spyware Maker NSO Group Found Liable In US Court

Landmark ruling finds NSO Group liable on hacking charges in US federal court, after Pegasus…

3 days ago

Microsoft Diversifying 365 Copilot Away From OpenAI

Microsoft reportedly adding internal and third-party AI models to enterprise 365 Copilot offering as it…

3 days ago

Albania Bans TikTok For One Year After Stabbing

Albania to ban access to TikTok for one year after schoolboy stabbed to death, as…

3 days ago