Cloud security is the technologies and methods used to protect data and digital assets stored online. Cloud security tools and technologies include conventional IT security approaches based on penetration testing, gateways and firewalls, but increasingly involve network security approaches including malware mitigation, threat protection, and advanced DNS protection. The evolving strategies for cloud security have largely been shaped by the constantly changing nature of online threats. Where IT security decision makers once were largely concerned with securing SaaS applications such as Salesforce or online file shares like Dropbox, today the focus is centered on attackers who relentlessly work to exploit vulnerabilities in developer tools, containers, code repositories and cloud platforms. In the same way, cloud security imperatives have shifted from protecting personal data stored online from exploitation by identity thieves, to preventing distributed denial of service (DDoS) attacks, credential theft, ransomware events, and account hijacking where hackers divert cloud resources for bitcoin mining or other illicit activities.
This change in cloud security focus and priorities reflects the tremendous expansion in cloud computing overall. Gartner predicts revenues for worldwide public cloud services will grow from $196 billion in 2018 to more than $354 billion by 2022. The complexity of cloud deployments is increasing as well. In a recent global survey of IT decision makers, 85% of respondents selected hybrid cloud as their ideal IT operating model, indicating a strong preference for an IT approach combining private and public cloud environments. Implementing effective cloud security measures in these kinds of environments, where enterprise data and processing loads can be spread across on-premises and multiple commercial cloud services, requires close coordination between in-house security professionals, and their security counterparts at cloud providers such as AWS, Azure, Google Cloud, IBM Cloud and others. But the challenge isn’t simply that organizations have shifted from an on-premises model where CSOs and their teams could exert tight security control over core operational systems in the data center, to a cloud model where they’re more reliant on the security measures native to the cloud environments of choice. The cloud security challenge is much broader and more nuanced.
Cloud Security Risk Factors: Continuous Development, Remote Workforces
Driven by Digital Transformation, increasing numbers of organizations have moved software and product development operations to the cloud. Continuous integration and continuous delivery (CI/CD) is the new normal. The growing reliance on CI/CD pipeline and provisioning tools, and container-orchestration environments, has opened up any number of new cloud security vulnerabilities. The Docker breach of Spring 2019, where user credentials for nearly 200,000 users were exposed, is just one of many examples where initial attacks led to a potential cascade of downstream vulnerabilities.
Another major cloud security challenge that’s come into focus is the threat posed by remote workforces. Gartner predicts that by 2019, 57 percent of workers will work remotely, mostly from home office environments. Rapidly escalating malware and ransomware attacks pose an enormous risk here, as a single infected or poorly managed laptop or other endpoint can expose an entire organization to crippling attacks or downtime.
Democratizing Cloud Security
There’s a growing consensus among cloud security thought leaders that responsibility for security in cloud environments must necessarily be embraced by everyone within an organization. To paraphrase the remarks of Steve Schmidt, vice president and chief information security officer at AWS from the re:INFORCE 2019 conference:
Cloud security should be an enterprise-wide concern, not something left in the hands of a security team. The protection of an organization’s data and workloads needs to be at the forefront of everyone’s thinking, from developers as they build applications to the general workforce to high-level executives overseeing the future of the company.
LEARN MORE ABOUT CLOUD SECURITY AND RELATED TECHNOLOGIES
- Captive Portal (Authenticated DHCP) – Solution Note
- Managing Microsoft DNS/DHCP Infrastructure – Solution Note
FROM THE INFOBLOX COMMUNITY
Infoblox is leading the way to next-level DDI with its Secure Cloud-Managed Network Services. Infoblox brings next-level security, reliability, and automation to on-premises, cloud and hybrid networks, setting customers on a path to a single pane of glass for network management. The recognized industry leader, Infoblox has over 8,000 customers, including 350 of the Fortune 500.