How Organizations can Optimize Cloud Security

How Organizations can Optimize Cloud Security

Cloud security is otherwise known as cloud computing security.  Cloud security is concerned with the protection of data stored in the Cloud. Protection from leakage, theft, and deletion. It, therefore, can be described as a set of policies, control measures, and other infrastructure associated with cloud computing.  The importance of Cloud and its security concerns is attracting emergent consideration, attention, and interest from all industries, mostly scientific and industrial organizations.  A study conducted in 2011 by Gartner, a market research firm, put Cloud computing amongst the top 10 technologies with a prospect of growth in successive years.

Source:  (Ismail, 2018)

Cloud computing, however, brings with it a level of security risk.  The risk is attributable to the fact that the essential services of the Cloud are outsourced to third parties making is difficult and challenging to maintain data security and privacy.  The availability of service support of data is a challenge. It is, therefore, essential to understand cloud security and how the Cloud works, its importance, its vulnerabilities, and threats posed to the users and come up with precise solutions that optimize cloud security.

How the Cloud works

The Cloud is the data centers that are available to a multitude of users online, including the software and databases that run them.  To have Cloud as your data center means that companies do not have to keep and manage physical servers on their premises or their machines’ hard drives. Cloud is not having a network storage software (NAS) server in companies’ premises. Cloud works by enabling users to access information from anywhere around the globe, from any device at any time. This accessibility is the reason that users of platforms like Facebook and Instagram and other applications can log into their accounts from any device and find all their information and conversations intact. The same for mail providers like Gmail or Microsoft and Cloud storage providers like google drive or dropbox.

The Cloud works by using technology that allows the creation of a ‘virtual’ computer that acts as a server. By using many of these ‘virtual’ machines, they give different servers with data the capability to serve a multitude of organizations at a minimal cost. Users are then able to access these cloud services (retrieval or storage of data) through applications or browsers that are linked to the Cloud over the internet regardless of location or device they are using. There are various cloud deployments: private Cloud, public Cloud, hybrid Cloud, and multi-cloud. A private cloud is a data center for a sole organization, while multiple users or companies use public Cloud within the same server. A hybrid cloud is one that combines both private and public, while the multi-cloud involves many public clouds and can also be hybrid Cloud and vice versa.

Source: (Robots.net, 2019)

Emerging issues on Cloud Security

Cloud security complexity

Cloud security is a complex paradigm with several emerging issues arising every year. Cloud security experts have been advancing the understanding of the cloud security complexity; cloud infrastructures are being made secure, but cloud attackers and hackers are becoming sophisticated. The 2019 Cloud Security Alliance (CSA) report, ‘the Egregious Eleven,’ brings out emergent issues on cloud security as those that are as a result of organization management decisions in the areas of their cloud security strategy, its management and implementation.

Internal weak access controls

The emerging issues from the report are breaches of data, inadequate internal or weak control configurations, internal threats (insider), Insecure Application Programming Interfaces (APIs), vulnerable or lack of proper access management, among others. The report highlights the cloud security threats being the responsibility of the user with traditional issues like cloud vulnerability and data losses eradicated.

Data Breaches

In July 2019, Capital One Bank faced a significant data breach. Scores of more than 100 million of its customers in the U.S. and 6 million in Canada had their data breached and compromised after the bank’s cloud misconfiguration.  This breach is one of the most significant data breaches in the financial banking industry.  The consequences of this breach are the ability of customers’ data usage and the risk of phishing for a period afterward.  In September 2017, another data breach from Equifax, a credit reporting agency, affected over 140 million people. Their data was exposed. This breach cost Equifax over $400 million in a global settlement. Cloud platforms and providers have had a share of cloud threats endangering their data.  Yahoo, adult friend finder, Myspace, and Marriot Starwood hotels and results have had their Clouds compromised by hackers.

Cloud Security is critical for users/organizations.

Gartner statistics showed that cloud computing would turn into a multi-billion service ($246.8) industry and forecasted a remarkable growth of its infrastructure, with its services reach of over $46 billion by 2017. Cloud offers its users convenience and cost-effective and minimal management.  Additional reports, “2016 spotlight report” by Cloud Passage, confirmed that at least 91% of organizations use Cloud but are overly concerned by the security and privacy of their data. This data is a pointer to the acceptance and popularity of Cloud by organizations around the world due to the importance it attaches to it.

Organizations have embraced Cloud due to the cost-effectiveness, efficiency and productiveness it offers.  With many organizations’ operations spread across the globe, Cloud allows employees to access data anytime and anywhere. Cloud is useful for business but is not risk-free. It makes cloud security critical to the organizations and their employees. Organizations and users must embrace and understand cloud security. Organizations stand to lose significant funds in settlements like the case of Equifax if cloud security is not optimized.

Cloud Security failures and pitfalls organizations are facing.

Several prominent cloud security breaches and leakage of data in the past two years has attracted attention.  Organizations and companies are now focusing on assessing their failures and pitfalls in managing cloud security. These breaches have now changed the landscape of the Cloud. These emergent issues in cloud security have forced organizations to rethink their strategies in protecting their data. Organizations are reviewing and auditing their decisions on cloud security – retaking assessment of their failures and pitfalls they have become prey to.

Ignorance of Emerging cloud threats

Organizations have ignored or lack knowledge of the emerging cloud security threats. As the Cloud evolves and transforms into sophisticated infrastructure and technology, so is the cloud security threats.  Hackers are becoming more aggressive with honed techniques to take advantage of any slight breach to steal data.

Weak Internal cloud access credentials

Organizations have resulted in paying keen attention to external attacks disregarding the internal threats employees pose to their data.  Employees are trusted with information and data. They do not need to break through the architecture of the systems and other security walls like firewalls but possess unhindered access to all sensitive data in the organizations’ computer systems. Organizations offer credentials for data access liberally with no way of ensuring data security. Employees widely do data deletion, modifications, or leakage using access credentials granted by the organization.

Organizations using Cloud for the first time are struggling with access control management of their cloud data. Determination of credentials combined with the roles held by employees has become a real struggle as they ascertain certain access rights appropriate for those roles.  They forget to change access rights with functional or purpose changes within. The Health Insurer Anthem Inc. data breach in 2015, affecting 80 million of its customers was a result of mishandled user credentials.  Anthem failed like organizations do today, to employ multiple authentications (two-factor) of user access controls.

Failure to understand cloud models

Failure by organizations to understand Cloud as a shared security model has been one of the biggest pitfalls. They leave the security management of their cloud data to the cloud provider. Whereas in this model, the service provider ensures the security of access, organizations are responsible for ensuring their data security while within the Cloud through their operating systems. Organizations get stuck and trapped with the cloud model as they fail to comply with compliance laws on data management for their clients. Additionally, organizations are bypassing or abandoning altogether in deciding the cloud model suited for their businesses. They fail to decipher how certain services are offered in the Cloud, thus compromising their data. Various models carry different levels of risk.

Optimizing Cloud Security for users

Cloud security is one of the significant concerns in the IT industry today. Organizations and their users are embracing Cloud computing but are skeptical about the security and privacy of their information held on the Cloud. Organizations are working hard to maintain a competitive edge in the market by increasing the trust their users have on their privacy and security of the information they share with them. Proper cloud architecture, consistent systems monitoring, and employment of good governance can optimize cloud security for organizations and their users.

Proper configuration of Cloud storage

The emerging issues of data breaches are due to cloud storage. The causes for these breaches are often associated with the misconfiguration of the Cloud.  The Capital One Bank breach related the incident to ‘firewall misconfiguration.’ These configurations range from access control managements, user credential pitfalls, and insecure storage. According to the CSA report, Ëgregious 11, these misconfigurations resultant from incorrect setups of cloud assets creating vulnerability of attacks.  Organizations leadership should ensure the right decisions in exploring the right strategies for moving their data and applications in Cloud.

Proactive cloud Monitoring and audit

Consistent monitory of any intrusion into the cloud system or environment can be set. Proactive monitoring of cybersecurity and protocols can optimize an organization’s position to foresee potential problems and resolve them before they happen. Intrusion detection methods can be employed to aid in misuse and anomaly detection in the cloud environment. Execution of unprecedented access into the cloud environment can be detected using techniques such as kernel debugging, or IDs. IDs approaches like signatures, behaviour anomaly or a combination of both are recommendable.  Detection of these anomalies sends an alarm to the data administrator and can be timed to response mechanisms, thus preventing further damage.

Micro-Segmentation, the future of Cloud Security

Micro-segmentation is one of the emerging methods for optimizing cloud security. Micro-segmentation, also being known as security segmentation, makes use of virtual networks like VLAN or LAN to break networks into small components for easier management. These segments break into workloads, applications, operating systems, which are then configured independently and secured independently on the Cloud. Micro-segmentation is the future of cloud security. It makes it harder for malicious infections to affect the whole network, as each segment has its secure boundaries. If there is an infection in one part of the system, it is detected before it can compromise other sections of the network.

Conclusion

Cloud continues to be embraced by organizations across the grown as the most convenient and cost-effective way of managing extensive data.  With Cloud growth, so is the cloud security concerns for privacy and security of its data storage.  Organizations continue to embrace new practices to optimize cloud security to maintain trust and reputation from their users.  To achieve that, organizations need to understand cloud security, how cloud words, the advantages or critical aspects it offers to the organizations, the vulnerabilities, and threats and develop solutions to optimize security measures.

References

Cloud Security 2016 Spotlight Report. (2016). [online] CloudPassage. Available at: https://pages.cloudpassage.com/rs/857-FXQ-213/images/cloud-security-survey-report-2016.pdf [Accessed 5 Mar. 2020].

CSA Releases New Research – Top Threats to | Cloud Security Alliance. (2019). Retrieved 5 March 2020, from https://cloudsecurityalliance.org/press-releases/2019/08/09/csa-releases-new-research-top-threats-to-cloud-computing-egregious-eleven/

Ismail, N. (2018). Cloud security – who should take ownership in the enterprise?. Retrieved 5 March 2020, from https://www.information-age.com/cloud-security-ownership-enterprise-123473398/

Jathanna, R., & Jagli, D. (2017). Cloud Computing and Security Issues. International Journal Of Engineering Research And Applications, 07(06), 31-38. doi: 10.9790/9622-0706053138

Luszcz, J. (2018). Apache Struts 2: how technical and development gaps caused the Equifax Breach. Network Security, 2018(1), 5-8. doi: 10.1016/s1353-4858(18)30005-9

Mathews, L. (2017). Equifax Data Breach Impacts 143 Million Americans. Retrieved 5 March 2020, from https://www.forbes.com/sites/leemathews/2017/09/07/equifax-data-breach-impacts-143-million-americans/

Mueller, P., Huang, C., Yu, S., Tari, Z. and Lin, Y. (2016). Cloud Security. IEEE Cloud Computing, 3(5), pp.22-24.

Top 10 Benefits Of Cloud Computing For Your Business | Robots.net. (2019). Retrieved 5 March 2020, from https://robots.net/it/top-10-benefits-of-cloud-computing-for-your-business/