What are the true security risks to cloud infrastructure?

While the threat of a cyber attack is ever-present, perhaps the greatest single concern across the industry currently is data regulation.

According to Gartner, the global public cloud services market is forecast to grow 18% this year, totalling $246.8 billion.

The soaring popularity of cloud is fuelled by the realisation that businesses with private cloud are hard-pressed to match the quality of service, resiliency, redundancy, performance and agility offered through public and hybrid platforms.

However, as more CIOs and IT teams look to move their operations onto public or hybrid cloud platforms, there are challenges that persist.

Many businesses are finding that they already have elements of the workload running on public cloud, because the IT department hasn’t been agile enough. Instead of waiting months for sign-off on an internal server, the company credit card was used to pay for a public cloud solution.


This often results in business-critical data and business applications running “out there”, with zero control from IT.

Faced with time and financial pressures, CIOs might then push for a quick transition to public cloud. It’s simpler. Cheaper. Secure. At least, that’s the thinking prior to migration. In reality, many CIOs — even IT teams themselves — lack a fundamental understanding of what lies ahead.

Complications can impact timelines. Note-taking tool Evernote moved three petabytes to the cloud in just three months, but entertainment streaming service Netflix required seven long years to migrate.

Whatever they might think, the truth is that many businesses have, at best, a layman’s understanding — the financial and technical realities are very different once the journey begins. And still the biggest issue around cloud infrastructure is security.

Understanding the real threats

It’s not that cloud platforms are inherently insecure; the majority of breaches in the past five years have targeted internal databases. Rather, a business may not have a consistent security policy across platforms, or even full control of what is in place.

Imagine there are two internal servers. One is moved to the cloud. Instantly, neither can talk to the other without extra workarounds, including internal firewall tweaks for access and virtual firewalls externally to protect the data in the cloud.


What initially was thought to be quick and simple is now a drain on technical and financial resources. True hybrid cloud is the ability to move workloads around from one platform to the other seamlessly, with consistent security across those workloads.

The security issues are two-fold. First, breaches. Though these do occur, existing hybrid solutions have proven to be robust — traditionally businesses with on-premise infrastructure employ a reactive stance to attacks, whereas the norm in the cloud is always proactive.

Whether businesses are using these cloud platforms securely, however, is another matter. A recent survey highlighted complacency as a growing problem: while over 60% of companies monitor their desktops, laptops and own networks for security threats, the percentage drops to just 36% for mobile devices and 24% for SaaS and IaaS applications. Again, consistency of security policies across all platforms and devices is key.

Data protection curveballs

While the threat of a cyber attack is ever-present, perhaps the greatest single concern across the industry currently is data protection regulation. For years, the US and Europe, for example, have operated vastly different policies on data.

The United States (and in particular, its new administration) continues to find ways to roll over data protection laws. The European Union, meanwhile, is only ever ramping up its data guardianship.


Indeed, the EU’s new General Data Protection Regulation (GDPR), due May 25, 2018, is widely seen as the most comprehensive data protection legislation in the western world.

How businesses will ensure safe, secure and compliant data passage between the continents with GDPR in place is already fraught with complexities. And failure promises crippling fines.

That’s because data is likely located on different continents and/or in different countries, with potentially multiple partners involved and across multiple cloud services.

A head office in the US may not be permitted to see data from Europe. Factor in Brexit, and even within Europe, when the UK leaves, data will need to be handled differently.


Severe GDPR breaches, irrespective of who in the chain is liable for the breach, can result in a fine of up to €20m or 4% of annual worldwide turnover (whichever is higher).

While challenges like GDPR compliance will be major hurdles to overcome, the benefits delivered from cloud infrastructure will ultimately outweigh potential risks.

For now, businesses should make sure they stay up-to-date with regulatory changes and ensure they are translating their security plan to the cloud environment. Because at the end of the day, these are critical factors that will make or break a successful cloud infrastructure.

 

Sourced from Thomas Mulledy, director of CIS Consulting EMEA, Unisys


Nick Ismail
