Light Dark
May 3, 2016 By Rick M Robinson 2 min read
Cloud Security

Cloud Risks Are Real

The cloud wars are over, and of course the cloud won. We don’t just deal with the cloud; when it comes to IT, we pretty much live in the cloud. The most obvious result is enormous power at our fingertips — even when our fingers are on the go.

The power of the cloud also means that cloud risks are all around us. Since the cloud is everywhere, we may not even think of those risks as cloud-related — but they are, which means basic cloud security education is essential.

BYOCA: Bring-Your-Own-Cloud-App and Other Blunders

Remember when bring-your-own-device (BYOD) first became a big security concern? It still is, by the way, and it’s easy to forget that those mobile devices are used almost entirely for mobile access to — wait for it — the cloud.

It’s not just mobile, either. As Dennis McCafferty pointed out at CIO Insight, laptops are the primary way business users access the cloud.

The basic fact of cloud risks and cloud security is that it is a shared responsibility. According to Yotam Gutman at Infosec Island, the vendor, be it the cloud provider or a cloud resource provider, is typically responsible for offering a secured service. The client — you or your employee — is responsible for using it securely.

Cloud services vendors can and do slip up, but the real challenge is on the client end. Mistakes are legion. Infosec Island reported that one-third of business users surveyed have downloaded work-related apps without telling IT. Most probably never thought twice about it, especially if they were using a company-provided device.

The cloud also supports creative new versions of old-fashioned security blunders. One-quarter of respondents in the “(Still) Careless Users in the Cloud” survey stored passwords in documents that weren’t password-protected. When left in an unprotected document, that password is conveniently available to the cybercriminal working from anywhere around the world. Additionally, anyone could walk into an office and see the 20 percent of passwords written on a sticky note, according to the report. These poor practices could ultimately result in damaging breaches for an organization.

Security Education Should Not Be a Teachable Moment

More often than not, basic cloud security mistakes are made by people who have no idea that they are doing something risky. No warning sign comes up; employees only see the cloud as another resource that comes up on their monitor — not the massive risk it actually is. The time to discover the need for basic cloud security education is not when a breach occurs and company data spills all over the Internet.

Yes, a growing range of security solutions are available for protecting against specific cloud risks. But the most critical line of protection remains the human user. Organizations need to protect themselves and their people from the hazards of the cloud by educating them in security awareness for the cloud era.

Learn more about Cloud Security

 |  |  |  | 
Rick M Robinson

More from Cloud Security
November 14, 2024

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

October 10, 2024

Risk, reward and reality: Has enterprise perception of the public cloud changed?

4 min read - Public clouds now form the bulk of enterprise IT environments. According to 2024 Statista data, 73% of enterprises use a hybrid cloud model, 14% use multiple public clouds and 10% use a single public cloud solution. Multiple and single private clouds make up the remaining 3%.With enterprises historically reticent to adopt public clouds, adoption data seems to indicate a shift in perception. Perhaps enterprise efforts have finally moved away from reducing risk to prioritizing the potential rewards of public cloud…

June 6, 2024

AI-driven compliance: The key to cloud security

3 min read - The growth of cloud computing continues unabated, but it has also created security challenges. The acceleration of cloud adoption has created greater complexity, with limited cloud technical expertise available in the market, an explosion in connected and Internet of Things (IoT) devices and a growing need for multi-cloud environments. When organizations migrate to the cloud, there is a likelihood of data security problems given that many applications are not secure by design. When these applications migrate to cloud-native systems, mistakes in configuration…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature