At an unprecedented pace, cloud computing has simultaneously transformed business and government, and created new security challenges. The development of the cloud service model delivers business-supporting technology more efficiently than ever before.
The shift from server to service-based thinking is transforming the way technology departments think about, design, and deliver computing technology and applications.
Cyber security challenges with cloud computing
Among the most significant security risks associated with cloud computing is the tendency to bypass information technology (IT) departments and information officers.
Although shifting to cloud technologies exclusively may provide cost and efficiency gains, doing so require that business-level security policies, processes, and best practices are taken into account.
In the absence of these standards, businesses are vulnerable to security breaches that can erase any gains made by the switch to cloud technology.
Seeing both the promise of cloud computing, and the risks associated with it, the Cloud Security Alliance (CSA) has created industry-wide standards for cloud security.
The largest and arguably most comprehensive player in cloud security standards is the CSA or Cloud Security Alliance. With corporate members including Amazon Web Services, Microsoft, Oracle, RackSpace, RedHat and Salesforce (among dozens more), most blue chip industry cloud services have a stake in the CSA.
The CSA has developed a compliance standard known as the CCM or Cloud Control Matrix. Published in Excel spreadsheet format, the CCM describes over a dozen areas of cloud infrastructure including risk management and security. The CCM goes beyond security itself and includes compliance measures which also address government and legal regulations and hardware architecture.
The CCM describes hundreds of criteria. For example, from the category “Facility Security – Secure Area Authorization” you can find this control specification:
Ingress and egress to secure areas shall be constrained and monitored by physical access control mechanisms to ensure that only authorized personnel are allowed access.
The criterion obviously speaks to the question of the physical security of a cloud provider’s facilities. But the standard does not exactly dictate implementation.
Many businesses, organisation, and governments have incorporated this guidance into their cloud strategies.
Therefore with an up-to-date, expert-informed understanding of cloud security concerns in order to make educated risk management decisions regarding cloud adoption strategies.
While there are many security concerns in the cloud, The Top Threats 12 critical issues to cloud security (ranked in order of severity per survey results):
1. Data breaches
2. Weak Identity, Credential and Access Management
3. Insecure APIs
4. System and Application Vulnerabilities
5. Account Hijacking
6. Malicious Insiders
7. Advanced Persistent Threats (APTs)
8. Data Loss
9. Insufficient Due Diligence
10. Abuse and Nefarious Use of Cloud Services
11. Denial of Service
12. Shared Technology Issues
Talk to Anglo African Consulting Ltd for assistance on cyber security risk on 2331636 or via email:email@example.com.
Image source: mecloud.info