Why in-the-know businesses are abandoning vulnerable on-site computing
Who could have predicted that a little worm could cause billions of dollars in damages? Probably not businesses that were using on-site computing in May 2017. That’s when the WannaCry ransomware cryptoworm attack hit PCs in countries and business around the world. The worm wiggled past older Window systems where IT security administrators had failed to apply Microsoft patches and took advantage of backdoors on infected systems. The attack is estimated to have affected more than 200,000 computers across 150 countries, with total damages ranging from hundreds of millions to billions of dollars.
Later that year, a data breach at Equifax affected about 148 million of its consumers, or about half the U.S. population. Hackers made off with Social Security numbers, birth dates and addresses—enough information to steal a person’s identity. The culprit? An unpatched vulnerability in Apache Struts, used to support an online dispute portal.
Still, couldn’t this happen in the cloud as well?
It’s unlikely with the right expertise. Today over 90% of enterprises in the U.S. use the cloud and IT pros firmly agree—cloud security is preferred over on-premises operations for protecting data and systems. Here’s why:
1. Most security mistakes are in-house
Gartner predicts that 95% of cloud security failures from now until 2020 will be the customer’s fault. The biggest cloud security threats for most companies result from in-house staff mistakes, lack of patching and misconfiguration. For example, Symantec says so-called phishing rates are growing across most industries and organization sizes, and that 76% of businesses reported being a victim last year. The challenge exists not in the security of the cloud itself, but in the policies and technologies for security and control of the technology. Portions of the cloud stacked under customer control can still be made vulnerable by inexperienced users with poor cloud “hygiene,” prompting widespread security or compliance failures.
2. A locked door isn’t enough
We all know that businesses still rely on legacy systems today, often using them in tandem with cloud infrastructure and backup and recovery services. But these on-premises systems are increasingly vulnerable to hackers. In many offices, the only thing between IT equipment, data and bad actors is a locked door.
Another issue that plagues on-prem security is a skills shortage. A new report from McAfee reveals that one in four organizations using Infrastructure as a Service (IaaS) or Software as a Service (SaaS) have experienced cybersecurity threats that compromised some data. One in five were infiltrated by advanced attackers targeting their public cloud infrastructure. InfoWorld cloud expert John Linthicum goes as far as to say having poor talent is worse than not having the talent at all, and too many enterprises lack both the skills and experience for cloud security.
On-premises cloud security continues to be a huge drain on management time, attention and budgets. Today it’s no longer just a technology issue, but a business and brand issue as well. Corporate boardrooms tasked with risk management have been riveted by the impact of high-visibility attacks, with many CEOs and IT leaders losing their jobs. Smaller companies face an even bigger challenge as the security landscape continues to change at an incredibly rapid pace.
3. Public cloud security = Multi-layered security
Public cloud security is a formidable adversary for hackers because they spend an enormous amount of resources on ensuring that their services are secure. The computing infrastructure itself contains customized hardware and firmware components with built-in protections against distributed denial of service (DDoS) and the operational capacity to scale to the largest workloads.
Cloud providers also maintain large dedicated security teams staffed by top experts in information-, application-, and network security and privacy. They maintain strict data disposal policies where disks are logically wiped clean by authorized individuals and facilities are audited on a weekly basis to monitor compliance with the disk erase policy.
As public cloud becomes a more and more attractive option for transforming their businesses, stakeholders and users must remember that cloud security is a shared responsibility model between providers and customers. The question today is not about whether public cloud is secure or not, but whether organizations have developed an enterprise cloud strategy that helps them use the cloud securely.
At Dev9 (a Nortal company), we understand security is a No. 1 concern of customers moving to the cloud. We partner with both AWS and Google and provide the needed expertise to identify, develop and implement strategies that will better secure your public-cloud environment and your business.
To learn more about ensuring security in the cloud, contact us at email@example.com.