Nearly every company in the world is evaluating or deploying cloud solutions. While new software is written specifically for the cloud, many organizations have to migrate their existing applications in order to join cloud platforms. Companies turn to the cloud to reduce costs, streamline and reallocate staff, and increase efficiencies but still remain wary about the security of their applications.
One major challenge to enterprise adoption of cloud technologies has been the lack of visibility into the security of the platform. Cloud service providers are asked to ensure and continuously verify the effectiveness of their security strategies. When choosing a cloud service provider, security should always be a priority. Organizations should ensure that their provider can support their requirements with respect to security and compliance.
According to the latest report released by Alert Logic “State of Cloud Security Report,” web application attacks occurred more frequently among cloud providers than either enterprise environments or data center systems. Meanwhile, malware and botnet attacks were three times more likely to occur within data center environments than with cloud services.
Here are some key findings from the Alert Logic State of Cloud Security Report – Spring 2013 I find interesting:
- Among the six security incident categories examined, Web application attacks were the only threat category more prevalent in cloud hosting provider environments than in enterprise environments;
- The frequency of attacks experienced by enterprise data centers was higher than cloud hosting provider environments;
- The frequency of reconnaissance attacks was nearly 10 times higher in enterprise environments than observed in cloud environments.
- Data center environments experienced malware/botnet attacks nearly three times more frequently compared to the cloud;
- Attacks in enterprise data centers tend to be more sophisticated and targeted, versus cloud hosting provider environments. 49% of enterprise environments in the study experienced verified malware/botnet activity, compared to just 5% of cloud hosting provider environments.
Companies can mitigate the risks of cloud computing by developing a comprehensive risk assessment prior to choosing a provider and launching a service. Prospective adopters should properly analyze their options to be sure they follow ample security practices before making the leap to the cloud.
In order to ensure the highest standards of security for their customer data, cloud providers have to use worldwide security standards and follow industry best practices to keep data safe. However, companies should not forget that security is a shared responsibility between vendors and customers.
Photo source: http://www.sxc.hu/photo/1139314