Ensuring Your Data's Safety: Why Relinquishing Cloud Security to Providers Is Risky
Ensuring Your Data’s Safety: Why Relinquishing Cloud Security to Providers Is Risky
Cloud computing: Top risks and threats
Cloud computing: Top risks and threats
Video Player is loading.
Play Video
PlaySkip BackwardSkip ForwardNext playlist item
Mute
Current Time 0:00
/
Duration 1:41
Loaded: 5.81%
0:00
Stream Type LIVE
Seek to live, currently behind liveLIVE
Remaining Time -1:41
1x
Playback Rate
Chapters
- Chapters
Descriptions
- descriptions off, selected
Captions
- captions settings, opens captions settings dialog
- captions off, selected
Share
Audio Track
- en (Main), selected
Fullscreen
This is a modal window.
Beginning of dialog window. Escape will cancel and close the window.
TextColorWhiteBlackRedGreenBlueYellowMagentaCyanOpacityOpaqueSemi-Transparent
Text BackgroundColorBlackWhiteRedGreenBlueYellowMagentaCyanOpacityOpaqueSemi-TransparentTransparent
Caption Area BackgroundColorBlackWhiteRedGreenBlueYellowMagentaCyanOpacityTransparentSemi-TransparentOpaque
Font Size50%75%100%125%150%175%200%300%400%
Text Edge StyleNoneRaisedDepressedUniformDrop shadow
Font FamilyProportional Sans-SerifMonospace Sans-SerifProportional SerifMonospace SerifCasualScriptSmall Caps
ResetDone
Close Modal Dialog
End of dialog window.
Close Modal Dialog
This is a modal window. This modal can be closed by pressing the Escape key or activating the close button.
This is a modal window. This modal can be closed by pressing the Escape key or activating the close button.
Share: Are you prepared for the future of AI, automation, and jobs?
Direct LinkEmbed Code
Close Modal Dialog
As cloud rises to encompass to more corporate applications, data and processes, there’s potential for end-users to outsource their security to providers as well.
Cloud
- What is digital transformation? Everything you need to know
- The best cloud providers compared: AWS, Azure, Google Cloud, and more
- The top 6 cheap web hosting services: Find an affordable option
- What is cloud computing? Here’s everything you need to know
The need to take control of security and not turn ultimate responsibility over to cloud providers is taking hold among many enterprises, an industry survey suggests. The Cloud Security Alliance, which released its survey of 241 industry experts, identified an “Egregious 11” cloud security issues .
The survey’s authors point out that many of this year’s most pressing issues put the onus of security on end user companies, versus relying on service providers. “We noticed a drop in ranking of traditional cloud security issues under the responsibility of cloud service providers. Concerns such as denial of service, shared technology vulnerabilities, and CSP data loss and system vulnerabilities – which all featured in the previous ‘Treacherous 12’ – were now rated so low they have been excluded in this report. These omissions suggest that traditional security issues under the responsibility of the CSP seem to be less of a concern. Instead, we’re seeing more of a need to address security issues that are situated higher up the technology stack that are the result of senior management decisions.”
This aligns with another recent survey from Forbes Insights and VMware , which finds that proactive companies are resisting the temptation to turn security over to their cloud providers – only 31% of leaders report turning over many security measures to cloud providers. (I helped design and author the survey report.) Still, 94% are employing cloud services for some aspects of security.
The latest CSA report highlights this year’s leading concerns:
1. Data breaches. “Data is becoming the main target of cyber attacks,”.the report’s authors point out. “Defining the business value of data and the impact of its loss is essential important for organizations that own or process data.” In addition, “protecting data is evolving into a question of who has access to it,” they add. “Encryption techniques can help protect data, but negatively impacts system performance while making applications less user-friendly.”
2. Misconfiguration and inadequate change control. “Cloud-based resources are highly complex and dynamic, making them challenging to configure. Traditional controls and change management approaches are not effective in the cloud.” The authors state “companies should embrace automation and employ technologies that scan continuously for misconfigured resources and remediate problems in real time.”
3. Lack of cloud security architecture and strategy. “Ensure security architecture aligns with business goals and objectives. Develop and implement a security architecture framework.”
4. Insufficient identity, credential, access and key management. “Secure accounts, inclusive to two-factor authentication and limited use of root accounts. Practice the strictest identity and access controls for cloud users and identities.”
5. Account hijacking. This is a threat that must be taken seriously. “Defense-in-depth and IAM controls are key in mitigating account hijacking.”
6. Insider threat. “Taking measures to minimize insider negligence can help mitigate the consequences of insider threats. Provide training to your security teams to properly install, configure, and monitor your computer systems, networks, mobile devices, and backup devices.” The CSA authors also urge “regular employee training awareness. Provide training to your regular employees to inform them how to handle security risks, such as phishing and protecting corporate data they carry outside the company on laptops and mobile devices.”
7. Insecure interfaces and APIs. “Practice good API hygiene. Good practice includes diligent oversight of items such as inventory, testing, auditing, and abnormal activity protections.” Also, “consider using standard and open API frameworks (e.g., Open Cloud Computing Interface (OCCI) and Cloud Infrastructure Management Interface (CIMI)).”
8. Weak control plane. “The cloud customer should perform due diligence and determine if the cloud service they intend to use possesses an adequate control plane.”
9. Metastructure and applistructure failures. “Cloud service providers must offer visibility and expose mitigations to counteract the cloud’s inherent lack of transparency for tenants. All CSPs should conduct penetration testing and provide findings to customers.”
10. Limited cloud usage visibility. “Mitigating risks starts with the development of a complete cloud visibility effort from the top down. Mandate companywide training on accepted cloud usage policies and enforcement thereof. All non-approved cloud services must be reviewed and approved by the cloud security architect or third-party risk management.”
11. Abuse and nefarious use of cloud services. “Enterprises should monitor their employees in the cloud, as traditional mechanisms are unable to mitigate the risks posed by cloud service usage.”
Featured
How to disable ACR (and greatly reduce ads) on every TV model - and why you should
I replaced my Samsung Galaxy S24 Ultra with the Pixel 9 Pro XL for two weeks - and can’t go back
Linus Torvalds talks AI, Rust adoption, and why the Linux kernel is ‘the only thing that matters’
The best mini PCs you can buy: Expert recommended
- How to disable ACR (and greatly reduce ads) on every TV model - and why you should
- I replaced my Samsung Galaxy S24 Ultra with the Pixel 9 Pro XL for two weeks - and can’t go back
- Linus Torvalds talks AI, Rust adoption, and why the Linux kernel is ‘the only thing that matters’
- The best mini PCs you can buy: Expert recommended
Also read:
- [New] 2024 Approved Maximizing Impact with Tailored Youtube Cards and Ends
- [New] The Seamless Shift An Introduction to Crossfades
- [New] Transform Your TikTok Experience with New User Numbers
- [New] Ultimate Strategies Pinterest to MP3 Migration Guide
- [Updated] Shrinking or Enlarging Images on Your iPhone Effortlessly for 2024
- 2024 Approved Smart Shopping Guide to Best 5K Screens #8
- 2024 Approved Steps to Restore OBS Fullscreen
- 2024 Approved Superior Choice of Steadicams for Drone Video Shootings
- Free Thumbnail Extract From YouTube Videos Today!
- In 2024, Taking Command with Custom Character Sounds in Free Fire - No Expense Involved
- In 2024, Transforming Raw Footage An In-Depth Guide to Applying LUT Filters in OBS Studio
- In 2024, Unleash Your Audio Potential Pazera's Free Tool Review
- Re-Engaging Lost LAN Discovery on Windows
- Simple and Effective Ways to Change Your Country on YouTube App Of your Lava Blaze 2 5G | Dr.fone
- The Magnificent Art of Pokemon Go Streaming On Nubia Red Magic 9 Pro+? | Dr.fone
- The Prime Picks Best Storytelling Channels Fans for 2024
- 무료 인터넷 속 WAV/OGG 코어 변환기 - Movavi 제공
- Title: Ensuring Your Data's Safety: Why Relinquishing Cloud Security to Providers Is Risky
- Author: Donald
- Created at : 2024-12-26 16:54:43
- Updated at : 2024-12-27 16:14:44
- Link: https://some-tips.techidaily.com/ensuring-your-datas-safety-why-relinquishing-cloud-security-to-providers-is-risky/
- License: This work is licensed under CC BY-NC-SA 4.0.