Organizations have embraced cloud solutions at a phenomenal pace over the past couple of years. We are currently very much in the cloud revolution. When the adoption of such solutions gains high momentum, issues and problems are an inescapable reality.
The same can be said about cloud computing, especially in the context of data security breaches that have rocked the IT world. At times, some organizations get so carried away by the economic advantages of the public cloud that they may put the critical issue of data security on the back burner.
Public Cloud and Cyber Security
In the context of cyber security, the public cloud is not a very appropriate environment. Firstly, the public cloud uses a shared data storage model in which the data of multiple cloud tenants is stored at a single location. This does not mean that there is any overlap between the stored data but certainly raises concerns.
Then there is the internet that acts as an enabler of a public cloud network. The end user or cloud tenant interacts with and manipulates data over the public cloud via the internet. The internet is a very hostile environment if we look at it from a data security perspective.
Internet and Cyber Criminals
The internet is a major weak link in all public cloud infrastructures. A Cloud Service Provider (CSP) does employ cyber security protocols. The entire reputation of a CSP largely hinges on its track record of cyber security. CSPs also have the requisite human capital to incorporate data security protocols.
On the other end of the picture is the cloud tenant. Outsourced cloud solutions are secured on the basis of a shared responsibility model. In this arrangement, the security protocols at the CSP’s end alone are not sufficient to fully secure data over the public cloud.
The cloud tenant has to play its due part in securing the cloud network. The protocols at the tenant’s level include security of the login devices and the unique login credentials of each user of the cloud network. It is in the middle ground of the internet that the bulk of cyber security threats lurk.
Security Challenges over the Internet
The two biggest security challenges over the internet are anonymity and location masking. The internet is not as transparent as airport security, which has become virtually impossible to circumvent. Over the internet, it’s just a walk in the park to be someone you actually aren’t.
Another deadly weapon in the hands of cyber thugs is location masking. The perpetrator of a cyber-attack would be relaxing somewhere in the Bahamas whereas the location would be showing up somewhere in the UK. This is a daunting challenge for Law Enforcement Agencies (LEAs).
How do you tighten the noose around someone whose true identity and location are neither known nor traceable? Even if the perpetrator of a cyber-attack is apprehended, there are countless jurisdictional challenges. The servers of dozens of countries or jurisdictions may have been used in orchestrating the data breach.
In view of the above challenges, ransomware attacks often culminate in the breached party ending up paying the ransom, although no one would admit it. Even otherwise, a ransom payment is easier to cover up than public legal proceedings, which are nothing short of a PR nightmare for the affected organization.
Statistics around Data Security Breaches
As if the above challenges were not enough to convey the point, let’s highlight a few mind-boggling stats around cyber security breaches. These statistics will enable you to understand the gravity of the situation and take preemptive measures before falling prey to the next cyber infiltration.
Number of Data Breaches in 2019
A whopping 3,800 incidents of data security breaches were reported in the first six months of calendar year 2019 alone. We are nearing the end of this year, and the consolidated number for this year may be double the above tally. Rest assured that the actual number of data breaches is even more than this.
The data breaches of only the first six months of 2019 are 54% more than the previous year. This statistic pertains only to the reported incidents. This is a painful reminder of how vulnerable the public cloud infrastructure is in terms of cyber security.
The remarkable spike in data breach incidents is partly due to the speedy migration of companies to the public cloud providers. Another contributing factor is the challenges of any transition process, which is bound to be accompanied by errors and omissions.
Time to Identify and Contain a Breach
This is yet another statistic that will blow your mind. We used to think that data breaches are identified instantaneously and the remedial measures would not take more than a few hours or days. Well, the stats are painting an entirely different picture.
On average, it takes a whopping 279 days to identify and contain a data breach, which is an astonishingly high figure. Given the sensitivity of business-critical data, which may also contain personal or confidential data, this statistic is too disturbing to fully absorb.
The greatest weapon of today’s cyber intruders is stealth. Once they gain access to a cloud-based network, they will seamlessly blend with its routine traffic. There were certain cases in which the perpetrators of a cyber-attack even extracted the data from the cloud network in a pattern that was in line with the routine data transfers.
Even when an unauthorized infiltration has been detected, it is quite difficult or nearly impossible to retrace the paths of the perpetrator and establish the true extent of a data breach. The result is more of a calculated assessment than a fully reliable piece of information.
Hardware Misconfigurations and Data Breaches
The security of a public cloud network is based on a shared responsibility model. There is a constant internal rift between the cloud solution provider (CSP) and cloud tenant on security and data related protocols. Most cloud users tend to seek waivers from their CSP or manage routing protocols in-house.
Many cloud tenants lack the requisite networking skills to manage such complex processes but insist on performing this role for the sake of operational efficiency. This often results in a misconfigured or loosely configured mechanism for managing network traffic.
These very loopholes are the window of opportunity for cyber infiltrators. They gain access to the internal networks of organizations and ultimately to the cloud-based solution as well. An alarming 36% of total data breaches of 2019 were attributed to errors and omissions in the configuration of cloud hardware.
The shared responsibility model also acts as a hurdle in determining the source of such a lapse because many functions are being performed in overlapping roles. Organizations that rely on the public cloud should have a zero tolerance policy for any compromise on security to achieve network efficiency.
Mergers and Acquisitions (M&A)
An M&A is a daunting challenge in itself, and if a cloud solution is also part of the equation, the situation is only going to get worse. M&As are driven by highly unrealistic deadlines, and to meet those deadlines, the entities involved try to cut corners on many processes.
The highly critical phase of data integration is also among the casualties of the whole rush to get through with the process. The analysis of data breaches concerning recent M&A scenarios revealed this loophole. When integrating data, some segments of the data remained fully vulnerable over the public cloud and were up for grabs.
Unsecured segments of data, and those too over the public cloud, were sitting ducks for cyber thugs who inflicted a lot of damage on companies that had recently undergone M&A. It is imperative that the data integration strategy features among the topmost priorities of the overall plan.
The alarming statistics presented above are a stark reminder of the challenges surrounding cloud solutions in general and public cloud networks in particular. Instead of being intimidated by these figures, an organization that has moved or is planning to migrate to the cloud should embrace them as a challenge.
An important factor in ensuring a smooth and secure cloud experience is selecting the right solution provider. After that comes the daunting challenge of a smooth transition to the cloud. What’s important is that there should be no compromise whatsoever on security in favor of process efficiency.
No cloud-based solution is perfectly impervious to a cyber-attack. However, organizations that use the cloud can greatly mitigate cyber security challenges. What a moment of organizational achievement it would be for an entity not to be among the ranks of those who fell victim to a successful cyber infiltration.