January 8, 2015 By Domenico Raguseo 3 min read

When it comes to adopting delivery models such as the cloud, one of the biggest concerns for small and midsize businesses (SMBs) is security. However, it is unclear whether those concerns are founded. Cybercrime is increasing, and not just because of increased cloud adoption.

I cannot remember many situations in which the cloud has been the root cause of an attack. Distributed denial-of-service attacks, SQL injections and cross-site scripting are usually used to attack enterprises, and zero-day vulnerabilities have also been exploited inside enterprises.

Though utilizing a security service is an additional cost, it is now mandatory for organizations of all sizes. An enterprise might as well not exist if it isn’t on the Internet — and if you are on the Internet, you are exposed to cybercrime. This is even more important for an SMB, which must invest in innovation while operating on a very limited budget.

For the aforementioned reasons, investing in security is vital.

The Cost of Security and Innovation for an SMB

It is important to consolidate the needs of innovation with the cost of upholding security, data resiliency and your infrastructure. Usually, the cloud is the answer, and the shift from an on-premises system to the cloud should be undertaken with attention to security.

In fact, once you decide to move some of your workload to the cloud, your cloud environment could be considered even more secure than your on-premises systems if users and providers adapt the concept of security to the new delivery model. It is important that providers and users understand that the new concept for security needs to be flexible, not static. Like all cloud services, this concept needs to be more automatic and less manual.

In this case, the enterprise’s investments can be minimized, and the enterprise can rely on skills and technologies supplied by vendors to provide those services. This is typical of cloud service providers for different types of workloads and security.

What to Consider When Moving to the Cloud

Understanding who is accessing the cloud from anywhere at any time is likely one of the biggest concerns for companies considering a move to the cloud. Inside an enterprise, identity and access management refers to identities and resources within the enterprise. When moving resources to the cloud, you risk losing control of who is accessing what. It is important to maintain a consistent level of control, even if you are accepting some natural standardization. It is also important to ensure the management of identities and resources in the public cloud is synchronized with the management of resources and identities inside the enterprise.

On the other hand, identity management is one workload that can typically be moved to the public cloud. Moving to the cloud can also let enterprises leverage different authentications that are already available. Therefore, moving to the cloud doesn’t just increase security; it may also reduce the cost of the service itself.

Preventing Exploits

How is it possible to fix vulnerabilities and defend against attacks before the vulnerabilities are exploited? Data is the element of the service that often represents the business and is typically the workload moved to the cloud. In this case, it is also important to assess the level of confidentiality the data should have and plan for maintaining that level of protection.

How can we obtain a comprehensive view of the cloud and traditional environments? Inside an enterprise, it is possible to control all the events and flows and relate them to possible offenses. But what if some services are provided from the cloud? This implies that attacking a service provider is enough to attack the enterprise that contracted it. In this case, what is important is that events and flows from the cloud are integrated into the security intelligence framework designed for the enterprise.

Moving to the cloud is possible, and possibly more secure — just be sure to consider security during the shift.
