May 21, 2020 By Josephine Wolff 3 min read

Organizations in both the private and public sectors have increasingly turned to cloud service providers (CSPs) to support their technical infrastructure, primarily to reduce IT costs and increase the efficiency of computing resources. In many cases, CSPs can also offer protection from security threats and increased cyber resilience — though customers often face trade-offs when they rely on cloud providers for these protections.

In the area of cyber resilience, in particular, organizations can offload much of the responsibility for keeping computer systems up and running by relying on cloud service providers, but this also means relinquishing much of their own control over those resilience measures.

Defining Cyber Resilience

The resilience of computer systems can mean slightly different things to different organizations. For some, it refers to maintaining a system that never goes down, while for others it refers to a system’s capacity to recover from incidents and outages as quickly and painlessly as possible.

The National Institute of Standards and Technology (NIST) defines the resilience of information systems as “The ability of an information system to continue to: (i) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (ii) recover to an effective operational posture in a time frame consistent with mission needs.”

The Cost of Downtime

Although the types of incidents and their consequences vary from business to business, a 2014 estimate from Gartner puts the average cost of just one minute of IT downtime at $5,600, and a 2016 Ponemon Institute report raises that estimate to nearly $9,000 per minute. The ever-increasing reliance on IT services suggests that the financial consequences of unplanned outages are continually rising.

Since IT costs and efficiency are typically primary drivers of cloud service adoption, it makes sense that reducing costs due to IT outages and interruptions might also factor into the decision.

Long-Known Advantages of Cloud Services

Cloud services can help organizations with both of the components of cyber resilience: operating continuously under adverse conditions and recovering rapidly from incidents with minimal business interruptions. CSPs typically operate infrastructure with much greater capacity than individual organizations, and they may also have significantly more resources to devote to security measures and attack prevention.

Way back in 2012, a report published by ENISA, the European Union’s cybersecurity agency, determined that a cloud service provider’s ability to “dynamically reallocate resources for filtering, traffic shaping, authentication, encryption, etc, to defensive measures (e.g., against DDoS attacks) has obvious advantages for resilience.” In other words, a denial-of-service (DoS) attack that might otherwise cause company server outages can be easily absorbed by a cloud provider’s larger traffic capacity and greater ability to filter traffic.

Similarly, ransomware attacks that cut organizations off from their systems and data can be overcome with the assistance of cloud providers that produce and retain back-up copies of those systems.

Alternatively, a CSP can help customers respond to natural disasters that cut off power to servers in one region by shifting their traffic and systems to servers operated in a data center somewhere else.

A 2017 white paper titled “Advancing cyber resilience with cloud computing,” published by Microsoft, makes similar arguments: “Cloud computing can be a practicable and valuable tool for cyber resilience and digital continuity,” the authors assert. “Thanks to its geographic replication of data, rapid scalability, security features and cost-effectiveness, cloud enables users to increase the efficiency of their operations and their agility in response to threats.”

The impressive capabilities of cloud services have changed how businesses around the world operate, but ultimately, it is up to individual organizations to determine whether these long-known advantages outweigh the possible downsides.

The Trade-Offs of Cloud Services

The downside to relying on cloud services for resilience is that it can sometimes leave customers with little control over the resilience of their own computer systems and infrastructure and can also leave them vulnerable to attacks directed at their providers — as well as any mistakes the providers might make.

As more organizations rely on the same small set of cloud service providers, the consequences of each individual outage may become greater, even if the number of outages decreases. But for many small and medium-sized businesses (SMBs) that lack dedicated security staff, the risks of a cloud provider outage still won’t beat out the benefit of having the enhanced security and resilience resources that large cloud providers can offer.

More from Cloud Security

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Risk, reward and reality: Has enterprise perception of the public cloud changed?

4 min read - Public clouds now form the bulk of enterprise IT environments. According to 2024 Statista data, 73% of enterprises use a hybrid cloud model, 14% use multiple public clouds and 10% use a single public cloud solution. Multiple and single private clouds make up the remaining 3%.With enterprises historically reticent to adopt public clouds, adoption data seems to indicate a shift in perception. Perhaps enterprise efforts have finally moved away from reducing risk to prioritizing the potential rewards of public cloud…

AI-driven compliance: The key to cloud security

3 min read - The growth of cloud computing continues unabated, but it has also created security challenges. The acceleration of cloud adoption has created greater complexity, with limited cloud technical expertise available in the market, an explosion in connected and Internet of Things (IoT) devices and a growing need for multi-cloud environments. When organizations migrate to the cloud, there is a likelihood of data security problems given that many applications are not secure by design. When these applications migrate to cloud-native systems, mistakes in configuration…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today