The cloud is propelling a new and exciting revolution for the information-driven economy. Organizations are rapidly activating an increasingly diverse portfolio of cloud-enabled business capabilities that open the door for how cloud security is handled.
As cloud adoption grows, companies need to manage and control more and more critical resources, such as applications, data and intelligent business systems, which all reside in different cloud infrastructures and platforms and are sourced both internally and externally.
Often, more than one single cloud is utilized; in fact, there is a plurality of different types and choices, such as the public cloud, private cloud, virtual private cloud, hybrid cloud and multi-cloud.
This transformational shift in both technology- and intelligence-driven business agility is truly exciting, especially when it comes to security. Just as business is being transformed by the cloud, so is information security. In this year alone, there has been a rapidly growing number of high-profile, sophisticated attacks on major websites, retailers, media organizations and technology companies.
The reality is that most of the companies were, in fact, compliant and thought they had robust security programs already in place. However, it is evident that sophisticated attackers break through conventional safeguards every day. Being compliant is not the same as being protected.
Cybercriminals and the Cloud
The cloud is not only benefiting growing businesses — cybercriminals are moving in to take advantage of its benefits as well. The cloud offers greatly reduced costs for accessing elastic and agile computing infrastructures. It provides convenient access to attack resources, botnet command and control servers and hacking tools that can be ordered online and consumed on demand. There is a thriving underground ecosystem for cybercriminals fueled by the very same technologies that make the cloud so attractive to businesses.
Cybercriminals’ methods are extremely targeted — they use specialized search engines, databases and social media to track down people with access, take advantage of their trust and exploit them as vulnerabilities using automated, hosted attack platforms and on-demand exploit skills. Adversaries are moving at a much faster pace than traditional security measures.
Improving Cloud Security
Using the cloud is an opportunity for organizations to get ahead of the threat by moving from today’s slow, static and manual management of security to a more automated, dynamic and software-driven management of security and compliance that is capable of meeting the growing number of sophisticated threats.
With the right strategy, cloud security is not only achievable, but also an opportunity to drive business, improve efficiencies, lower operating costs and reduce risk.
Cloud security strategies have to encompass all levels, from infrastructure-as-a-service and platform-as-a-service to software-as-a-service. They have to be sufficiently comprehensive, spanning all aspects of technology, processes and people with complete visibility across all aspects of operational risk in the cloud.
Your cloud security strategy should be proactive, strive to discover vulnerabilities and use security data to pinpoint where trouble spots lie, where sensitive data is stored, where excessive privileges can lead to trouble and where compliance is not in order.
Additionally, cloud security solutions should be intelligent and automated, and activities — including remediation and mitigation — need to be driven by integrating security data, threat intelligence and analysis with software and other automation techniques for speed, accuracy and efficiency.
Your cloud strategy must be robust and managed 24/7 by security experts. Even with all the intelligent technology behind your cloud-enabled business, it will fall to the human experts to help support critical decision-making that will make all the difference in effectively responding to and mitigating challenging security threats.
Global Strategist, Cloud Security Services
Sharon is a recognized cyber security expert responsible for managing IBM’s key global strategies, capabilities and offerings for IBM Cloud Security Servic...