Is Cloud Computing Experiencing the Same Security Threats as Enterprise Computing?
People have always feared that cloud computing is inherently lacking in security because of the distribution methods used, allowing it to be more public than necessary. But research and reports indicate that it is not less secure than enterprise computing as they actually both suffer from the same types of attack. And it does not matter if you are a small organization or a large one you will still be the target of cyber-attacks as most of them are opportunistic in nature.
While organizations and businesses are the target of online attacks, the real entryways for these attacks are unsecured personal computers. These form the backbone of the cyber-criminal’s arsenal. Hijacked computers referred to as zombies or bots are being used to make brute force attacks on different networks both within the cloud infrastructure and on-premise infrastructure. No one is actually safe, whatever kind of infrastructure that they are using. Others might be more privy to attacks due to the nature of their service like banks or the possible wealth of information that they bring, like government networks and industry leaders in technology research.
According to Alert Logic’s Fall 2012 State of the Cloud Security Report, the variations in the threat activity across the industry is not as important as where the infrastructure is located. Attacks are not industry specific or organizational size specific, they depend on the infrastructure. This means that anything that can be possibly accessed from outside, whether enterprise or cloud, has equal chances of being attacked because as mentioned, attacks are opportunistic in nature.
The reason why cyber-attacks are indiscriminate to industry and size would be due to the nature of the attacker’s weapon, the internet. Web application-based attacks hit both service provider environments (53% of organizations) and on-premise environments (44% of organizations). But as a plus for cloud computing’s side, on-premise environment users or customers actually suffer more incidents than those of service provider environments. On-premise environment users experience an average of 61.4 attacks while service provider environment customers averaged only with 27.8 while on-premise environment users also suffered significantly more brute force attacks compared to their counterparts.
Despite real research and facts being provided by security service providers like Alert Logic, many organizations still base their infrastructure decisions on the “myth” that cloud computing is inherently less secure compared to enterprise computing or on-premise services. But instead of focusing their attention to these perceptions, organizations should be focusing on leveraging factual data to evaluate their own vulnerabilities and then create a better plan for their security.
By Abdul Salam
He has recently co-authored: Deploying and Managing a Cloud Infrastructure: Real-World Skills for the CompTIA Cloud+ Certification (Wiley).