Public Cloud Platforms – A Honey Pot For Threat Actors

Building An Understanding Of Risk And Configuration



Jeff Orr
12/25/2019

Compliance Checklist

Today, the shape of the enterprise is changing; that it is to say in sync with cloud capabilities. Workloads are steadily migrating there – a platform using a remote-server network to manage and process data.

The concept of the cloud opposes the previous practice of local-server and/or personal computer (PC) storage. Each of the various cloud types (public, private, multi, hybrid) offer enterprise cost benefits, as well as other efficiencies (e.g., steadier output, more storage (external), economies of scale, default security settings, etc.). Yet, the cloud has also morphed into an entry point for threat actors. In fact, cloud computing, in an unsecure state, drastically widens the attack surface, offering hackers the upper hand in an end-to-end battle that has ensued for years.

See Related: Cloud Security Market Report: Exploring The Right Enterprise Strategy

Yet, has the state of cloud security improved in recent years? Can security practitioners feel comfortable in its current iteration? What developments have steered the wider cloud conversation? Executives and their organizations are facing tough questions such as these on a daily basis. Essentially, cloud security comes down to an understanding of risk, configuration and compiling the right security team.

Are Enterprises Ready?

Enterprise Strategy Group (ESG) Senior Analyst, Doug Cahill, said that the “notable level of industry activity is indicative of an acceleration of market maturity driven by a cloud security readiness gap.”

It appears many IT and cyber security teams are “catching up” to secure the cloud services, applications and infrastructure their organization is using. In order to do so, they are adjusting their processes, policies and technologies.

See Related: Cloud Security: A CISO Guide

The ESG analyst also said that “we are way past security concerns gating cloud adoption.” Those that fall into this category, however, either operate in an air-gapped environment or are simply “oblivious” to lines of business (LOB) doing an end-run around them – right toward the cloud.

Despite the applicability of “hybrid” cloud, meaning enterprises taking some of their storage capacity and offloading it to a CSP, while retaining other portions of it, it is inherently complicated.

Private cloud, implemented over internal infrastructure, also draws questions because of the cost benefits enterprises are supposed to receive by removing the interior components altogether. Virtual private cloud (VPC) also retains the “private” tag but uses a third-party cloud provider’s servers. They achieve this using a certain degree of isolation between other VPC users on the platform. Multi-cloud is just that – disparate usage of cloud platforms, ostensibly to seek cost benefits. Meanwhile, public cloud platforms have progressed in recent years, with big industry players behind it. However, these (potentially sensitive) data sets may not sit behind the most extensive, encrypted security controls. As such, public cloud platforms may be susceptible to threat actors.

Read the complete Cyber Security Hub market report “Cloud-Based Security Extends Protection To The Edge” to learn more about the readiness gap, the compliance gap and tips for InfoSec practitioners.

See Related: Cyber Security Hub Market Reports

RECOMMENDED