There are at least two issues for organizations that are “not if, but when,” and the two are tied together, namely cloud migration and security breaches. Both are imminent as organizations move applications and storage to the cloud for easier deployment, management and accessibility even for remote and mobile employees. The downside to the cloud is that it leaves the network and its content open to potential and very likely attacks. Organizations need to secure and protect their clouds to avoid “rainy-day” attacks.
Consequently, migration to the cloud is a decision that needs to be taken seriously because it affects security, productivity and how business is conducted. Obviously, there are levels of cloud integration as companies become digital organizations.
Recently there have been two studies of note on cybersecurity in the age of cloud, one from Intel Security, formerly McAfee; and one from Verizon.
The Intel study asked 1,200 IT decision-makers, in eight countries, with responsibility for cloud security in their organizations about their plans for cloud adoption, their biggest challenges, and their investment priorities over the coming year. According to the survey, 51% of cloud deployments were private clouds. Public cloud accounted for 30%, and hybrid cloud accounts for 19% of enterprise cloud deployments. Cloud migration is moving quickly with an average of 15 months until 80% of an organization’s IT budget will be allocated to private cloud.
Source: stokpic.com used under CC license.
While cloud computing is important to organizations with the most common types of data stored in the cloud identified as business intelligence (52%), financial accounting (52%), employee records (48%) and customers’ personal information (40%), security is still an unknown for many organizations. 13% of organizations that said they do not know whether they have sensitive data in the cloud. With regard to security, the IT managers are the most concerned about denial-of-service attacks (36%) and malware and botnets (33%). To protect data, the respondents are turning to file encryption (60%), followed by email security (55%). For IaaS, organizations are using an average of four security solutions. Most common are firewalls (70%) and encryption (62%). Private cloud also has an average of four security solutions, with firewalls being the most common (67%).
Verizon’s 2016 Data Breach Report compiled over 64,000 security incidents and 2,260 actual data breaches occurring across 72 countries and myriad industries. The information was shared by many of the leading cybersecurity vendors, law enforcement agencies, and the US Department of Homeland security. The study found that the majority of attacks are financially motivated, perpetrated by organizational outsiders and can be characterized as denial of service (DoS) or ransomware. Web attacks are caused by phishing and DoS. While attackers are external to organizations, they are aided unwittingly by insiders who click on links or use less-than-secure passwords that can be easily breached.
As in sports, the best offense is often a good defense when it comes to cyberattacks on cloud-based organizations. With the average cost of a data breach in 2015 reaching $3.79 million, it behooves organizations to involve all employees and not solely the IT department in creating a strong culture of data security, which encompasses BYOD, password policies, regulating mobile access or the need for document encryption. The ultimate goal is to protect the corporate infrastructure and documents. This is everyone’s responsibility—whether in IT, finance, human resources or sales—as we enter the cloud-based digital age.