It’s not news that businesses are moving more of their data to the cloud. But even as cloud storage and computing have hit the mainstream, there are a lot of questions around the public cloud – ones that not everyone is asking.
For Mark Russinovich, technical fellow of Microsoft Corp.’s Windows Azure cloud platform group, the public cloud has helped businesses grow, but there are still many concerns for data security and privacy. He pulled together a list of 10 concerns that security professionals should consider when putting their organization’s data into a public cloud.
“We’ve coined a name for this – ‘cloud critical’ bugs,” said Russinovich, speaking from a session at the RSA conference in San Francisco on Wednesday. “The cloud is at a much higher risk of exploitation, because there’s a lot of diverse data from businesses and industries.”Here’s a roundup counting down 10 concerns he has with the public cloud.
10. Shared technology vulnerabilities
For Russinovich, one of the difficulties of the public cloud is that everyone using it has shared technology vulnerabilities. If a breach of the cloud happens it would look bad for every cloud vendor.
“We’d be notifying people, cleaning up, and bringing things back online,” he said. “But to customers, it’d be a big public cloud fail.”
For one thing, there’s no firewall attached to the public cloud, and there’s a huge variety of data in the public cloud up for grabs if hackers gain access to it.
Luckily, however, the public cloud is better at responding to threats, since most providers recognize how risky it would be to fail to defend it. Providers can’t wait for patches if they know about a vulnerability – instead, they need to automate software deployment, ensure they have strong detection tools for breaches, and are able to preserve their customers’ trust.
9. Insufficient due diligence
There’s a lot of talk nowadays about shadow IT, where employees come up with their own IT solutions and bring them to work. One of the most popular of these is the cloud. Russinovich said he’d even like to coin a phrase for it – he’d name it BYOIT – bring-your-own-IT.
IT departments need to ensure staff are complying with security best practices, he added.
8. Abuse of cloud services
While having a public cloud can be helpful, businesses run the risk of attackers taking it over and using it as a malware platform, or becoming botmasters taking advantage of trusted IP addresses.
The public cloud can also be used as storage for illegal content, like copyrighted content being stored through Pirate Bay, or inappropriate content like pornography, Russinovich added. And increasingly, security professionals might see people using the public cloud to mine Bitcoin.
To read more, click below