Is Cloud Computing Experiencing The Same Security Threats As Enterprise Computing?

Is Cloud Computing Experiencing The Same Security Threats As Enterprise Computing?

Is Cloud Computing Experiencing the Same Security Threats as Enterprise Computing?

People have always feared that cloud computing is inherently lacking in security because of the distribution methods used, allowing it to be more public than necessary. But research and reports indicate that it is not less secure than enterprise computing as they actually both suffer from the same types of attack. And it does not matter if you are a small organization or a large one you will still be the target of cyber-attacks as most of them are opportunistic in threats report

While organizations and businesses are the target of online attacks, the real entryways for these attacks are unsecured personal computers. These form the backbone of the cyber-criminal’s arsenal. Hijacked computers referred to as zombies or bots are being used to make brute force attacks on different networks both within the cloud infrastructure and on-premise infrastructure. No one is actually safe, whatever kind of infrastructure that they are using. Others might be more privy to attacks due to the nature of their service like banks or the possible wealth of information that they bring, like government networks and industry leaders in technology research.

According to Alert Logic’s Fall 2012 State of the Cloud Security Report, the variations in the threat activity across the industry is not as important as where the infrastructure is located. Attacks are not industry specific or organizational size specific, they depend on the infrastructure. This means that anything that can be possibly accessed from outside, whether enterprise or cloud, has equal chances of being attacked because as mentioned, attacks are opportunistic in nature.

The reason why cyber-attacks are indiscriminate to industry and size would be due to the nature of the attacker’s weapon, the internet. Web application-based attacks hit both service provider environments (53% of organizations) and on-premise environments (44% of organizations). But as a plus for cloud computing’s side, on-premise environment users or customers actually suffer more incidents than those of service provider environments. On-premise environment users experience an average of 61.4 attacks while service provider environment customers averaged only with 27.8 while on-premise environment users also suffered significantly more brute force attacks compared to their counterparts.

Despite real research and facts being provided by security service providers like Alert Logic, many organizations still base their infrastructure decisions on the “myth” that cloud computing is inherently less secure compared to enterprise computing or on-premise services. But instead of focusing their attention to these perceptions, organizations should be focusing on leveraging factual data to evaluate their own vulnerabilities and then create a better plan for their security.

By Abdul Salam

About Abdul

Abdul is a senior consultant with Energy Services, and author of numerous blogs, books, white papers, and tutorials on cloud computing and accomplished technical writer with CloudTweaks. He earned his bachelor’s degree in Information Technology, followed by an MBA-IT degree and certifications by Cisco and Juniper Networks.

He has recently co-authored: Deploying and Managing a Cloud Infrastructure: Real-World Skills for the CompTIA Cloud+ Certification (Wiley).

View All Articles

One Response to Is Cloud Computing Experiencing The Same Security Threats As Enterprise Computing?

  1. I think this is a relevant question “Is Cloud Computing Experiencing The Same Security Threats As Enterprise Computing?” First and foremost is that the architecture is fundamentally based on sharing resources and moving data around for collaboration and scalability.  This contradicts the basic principles of data security and compliance, which focus on restricting access and controlling data flow.  Once the data is out of organizations’ hands and into the cloud, how can security be assured?
    If the platform cannot be protected by the organization, then the data itself must be secured before it reaches the cloud.  The primary means to this is in granular, selective data protection, via tokenization or masking, to allow different classification levels.  Tokenized or masked data holds no value to a potential thief, and allows applications to operate on selective portions of the data that bleed through.
    The data will then be secured across the enterprise and into the cloud, and only via policy retained at the organization’s security center can the sensitive data ever be revealed to authorized parties or applications that require it.  A separation of duties, isolating security administration to security personnel, can ensure protection from internal threats.
    Since the data itself is secured, this can reduce the requirements for auditing and monitoring, which are also issues in a cloud environment.
    Practicing in this way can allow organizations to rest easy, knowing that their data is safe wherever it goes, and continue to take advantage of the numerous efficiencies in cloud computing.
    Ulf Mattsson | CTO | Protegrity (m) +1.203.570.6919

Sponsor Programs
Cloud Thought Leaders And Contributors

Write For Us - Find Out More!

CloudTweaks is recognized as one of the leading influencers in cloud computing, infosec, big data and the internet of things (IoT) information. Our goal is to continue to build our growing information portal by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.