May 21, 2020 By Josephine Wolff 3 min read

Organizations in both the private and public sectors have increasingly turned to cloud service providers (CSPs) to support their technical infrastructure, primarily to reduce IT costs and increase the efficiency of computing resources. In many cases, CSPs can also offer protection from security threats and increased cyber resilience — though customers often face trade-offs when they rely on cloud providers for these protections.

In the area of cyber resilience, in particular, organizations can offload much of the responsibility for keeping computer systems up and running by relying on cloud service providers, but this also means relinquishing much of their own control over those resilience measures.

Defining Cyber Resilience

The resilience of computer systems can mean slightly different things to different organizations. For some, it refers to maintaining a system that never goes down, while for others it refers to a system’s capacity to recover from incidents and outages as quickly and painlessly as possible.

The National Institute of Standards and Technology (NIST) defines the resilience of information systems as “The ability of an information system to continue to: (i) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (ii) recover to an effective operational posture in a time frame consistent with mission needs.”

The Cost of Downtime

Although the types of incidents and their consequences vary from business to business, a 2014 estimate from Gartner puts the average cost of just one minute of IT downtime at $5,600, and a 2016 Ponemon Institute report raises that estimate to nearly $9,000 per minute. The ever-increasing reliance on IT services suggests that the financial consequences of unplanned outages are continually rising.

Since IT costs and efficiency are typically primary drivers of cloud service adoption, it makes sense that reducing costs due to IT outages and interruptions might also factor into the decision.

Long-Known Advantages of Cloud Services

Cloud services can help organizations with both of the components of cyber resilience: operating continuously under adverse conditions and recovering rapidly from incidents with minimal business interruptions. CSPs typically operate infrastructure with much greater capacity than individual organizations, and they may also have significantly more resources to devote to security measures and attack prevention.

Way back in 2012, a report published by ENISA, the European Union’s cybersecurity agency, determined that a cloud service provider’s ability to “dynamically reallocate resources for filtering, traffic shaping, authentication, encryption, etc, to defensive measures (e.g., against DDoS attacks) has obvious advantages for resilience.” In other words, a denial-of-service (DoS) attack that might otherwise cause company server outages can be easily absorbed by a cloud provider’s larger traffic capacity and greater ability to filter traffic.

Similarly, ransomware attacks that cut organizations off from their systems and data can be overcome with the assistance of cloud providers that produce and retain back-up copies of those systems.

Alternatively, a CSP can help customers respond to natural disasters that cut off power to servers in one region by shifting their traffic and systems to servers operated in a data center somewhere else.

A 2017 white paper titled “Advancing cyber resilience with cloud computing,” published by Microsoft, makes similar arguments: “Cloud computing can be a practicable and valuable tool for cyber resilience and digital continuity,” the authors assert. “Thanks to its geographic replication of data, rapid scalability, security features and cost-effectiveness, cloud enables users to increase the efficiency of their operations and their agility in response to threats.”

The impressive capabilities of cloud services have changed how businesses around the world operate, but ultimately, it is up to individual organizations to determine whether these long-known advantages outweigh the possible downsides.

The Trade-Offs of Cloud Services

The downside to relying on cloud services for resilience is that it can sometimes leave customers with little control over the resilience of their own computer systems and infrastructure and can also leave them vulnerable to attacks directed at their providers — as well as any mistakes the providers might make.

As more organizations rely on the same small set of cloud service providers, the consequences of each individual outage may become greater, even if the number of outages decreases. But for many small and medium-sized businesses (SMBs) that lack dedicated security staff, the risks of a cloud provider outage still won’t beat out the benefit of having the enhanced security and resilience resources that large cloud providers can offer.

More from Cloud Security

Cloud security evolution: Years of progress and challenges

7 min read - Over a decade since its advent, cloud computing continues to enable organizational agility through scalability, efficiency and resilience. As clients shift from early experiments to strategic workloads, persistent security gaps demand urgent attention even as providers expand infrastructure safeguards.The prevalence of cloud-native services has grown exponentially over the past decade, with cloud providers consistently introducing a multitude of new services at an impressive pace. Now, the contemporary cloud environment is not only larger but also more diverse. Unfortunately, that size…

The compelling need for cloud-native data protection

4 min read - Cloud environments were frequent targets for cyber attackers in 2023. Eighty-two percent of breaches that involved data stored in the cloud were in public, private or multi-cloud environments. Attackers gained the most access to multi-cloud environments, with 39% of breaches spanning multi-cloud environments because of the more complicated security issues. The cost of these cloud breaches totaled $4.75 million, higher than the average cost of $4.45 million for all data breaches.The reason for this high cost is not only the…

Accelerating security outcomes with a cloud-native SIEM

5 min read - As organizations modernize their IT infrastructure and increase adoption of cloud services, security teams face new challenges in terms of staffing, budgets and technologies. To keep pace, security programs must evolve to secure modern IT environments against fast-evolving threats with constrained resources. This will require rethinking traditional security strategies and focusing investments on capabilities like cloud security, AI-powered defense and skills development. The path forward calls on security teams to be agile, innovative and strategic amidst the changes in technology…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today