Premium Cloud Services with Access Security Embedded
By: Ali Gomulu
Cloud computing providers can offer more secure access by working with network transmission partners, or offering their own connectivity services – the ante? Access management.
The movement of enterprises and service providers to the cloud is clear, but security concerns are starting to slow cloud adoption, after a series of attacks curbed the enthusiasm and drove cloud thinking into a more practical space.
Organizations are now slowing down – but only a little given the clear benefits of cloud computing and cloud communications – to assess and develop cloud security strategies. This includes Communications Service Providers as well as Cloud Service Providers, Applications Service Providers, and Internet Service Providers, who are relying more on the cloud as well as collaborative applications made possible by the cloud and the growth of the API economy.
In January 2018, RightScale surveyed 997 technical professionals, across a broad cross-section of organizations, about their adoption of cloud computing and shared several key findings:
- 81 percent of respondents have a multi-cloud strategy.
- Enterprises with a hybrid strategy (combining public and private clouds) fell from 58 percent in 2017 to 51 percent in 2018, while organizations with a strategy of multiple public clouds or multiple private clouds grew slightly.
- 96 percent of respondents now use the cloud, with public cloud adoption increasing to 92 percent from 89 percent in 2017, and private cloud adoption increasing to 75 percent from 72 percent in 2017.
- More enterprises are prioritizing public cloud in 2018, up from 29 percent in 2017 to 38 percent in 2018.
- Organizations leverage almost 5 clouds on average, with respondents already running applications in 3.1 clouds and experimenting with 1.7 more, for a total of 4.8 clouds.
- Enterprise cloud spend is significant and growing quickly, with 26 percent of enterprises spending more than $6 million a year on public cloud, and 20 percent of enterprises planning to more than double public cloud spend in 2018.
- Enterprise central IT teams are shifting roles to governance and brokering cloud, with IT taking a stronger cloud governance role in advising on which apps move to cloud (69 percent vs. 63 percent in 2017), managing costs (64 percent vs. 55 percent), setting policies (60 percent vs. 58 percent), and brokering cloud services (60 percent vs. 54 percent).
But the data that may be most significant concerns the challenges of securing cloud environments. Security is a challenge for 77 percent of respondents, while 29 percent see it as a significant challenge.
The RightScale annual survey also shared that 1 in 4 organizations that use Infrastructure-as-a-Service (IaaS) or Software-as-a-Service (SaaS) have had data stolen, and 1 in 5 have experienced an advanced attack against their public cloud infrastructure.
And as organizations respond to the European Union’s General Data Protection Regulation (GDPR) and other large regulatory changes, concerns about securing the cloud were prominent.
CISOs are working hard and fast to keep up, and to stay abreast of more value to be found in the cloud, through advances such as the use of containers and serverless computing.
Containers (e.g. Docker and Lynx) and serverless computing options have grown rapidly in popularity over the past few years, with around 80% of those surveyed by RightScale using or experimenting with them. However, only 66% have a strategy to apply security to containers, and similarly, only 65% have a strategy to apply security to serverless computing, creating a significant gap in security coverage specifically associated with Privileged Access Management (PAM).
With a growing number of organizations storing some or all of their sensitive data in the public cloud, managing that risk means having software and a governance model in place to ensure that only authorized individuals have access and can participate in setting and changing policy.
Given that a growing percentage of data theft and data loss stems from internal issues, more and more enterprises and service providers are building up cloud access security systems in order to protect:
- Personally Identifiable Information (PII)
- Payment card information
- Confidential meeting minutes and other internally sensitive information
- Employee information
- Bank details
- Government identification information
- Product development and management documentation
- Intellectual property
- Healthcare records
- Network passwords
- And more…
While the benefits of the cloud still outweigh the risks, it is precisely when we start to “trust the cloud” that more vulnerabilities and attacks will take place, more now than they did last year, even after a wide range of publicized security incidents.
With a solid PAM strategy and technology, like that which ironsphere provides in the most comprehensive and cost-efficient platform in the market today, and a logical division of roles and shared responsibilities (for example, communications and cloud providers covering security of the network and cloud, and customers covering the security of their data and information), we really can get to a full-trust cloud computing and communications world.