Security and the Cloud: Perils and Protections for Small Business

Small business owners and IT executives and security personnel must address the key security challenges. 

External cloud solutions can be more secure than internal ones or one’s current data center environment, but that is not a given or guarantee. One cannot leave security solely up to the cloud service provider (CSP) – it has to be a joint effort. Furthermore, security accountability always remains with the user entity, regardless of the firm(s) responsible for providing the platforms. Small business owners and IT executives, auditors, and security personnel must address the key security challenges and validate that the company is protected and risks are mitigated as best as possible.

The “Death by Cloud” blogs outlined several key challenges to companies small and large seeking to exploit cloud computing successfully. Herein are some top cloud security challenges and recommendations for how to cope with them.

Small Business Cloud Security Perils

In March 2016, the Cloud Security Alliance released a list of what it called the “Treacherous 12,” the top 12 security threats to cloud computing facing organizations in 2016.

Here are those threats, as reported by CIO.com:

1. Data breaches
2. Compromised credentials and broken authentication
3. Hacked application programming interfaces (APIs) and other interfaces
4. Exploited system vulnerabilities
5. Hijacked legitimate accounts
6. Malicious insiders
7. Advanced persistent threats (APTs)
8. Permanent data loss
9. Inadequate diligence
10. Cloud service abuses
11. Denial of service (DoS) attacks
12. Vulnerabilities of cloud service providers’ shared infrastructures and resources

In July 2015, Intel Security (formerly McAfee) commissioned a survey of 1,200 IT decision-makers with responsibility for cloud security. Respondents were asked about the issues their organizations had faced with cloud service providers.

Figure 1 below summarizes their responses.

Securing the Cloud

In the “Death by Cloud” blogs to plan and prepare for cloud-instigated changes and challenges, I recommended that IT and development managers focus on four areas: automation, orchestration, standardization, and culture and process change. Small business owners and enterprise IT decision-makers alike would do well to adopt a set of focal points similar to those mentioned above where security is concerned.

Here are the four focal points:

1.   Automation

Can ease, speed, and improve the execution of frequently repeated, mundane, necessary tasks, ranging from deployment of operating system and application patches to rollouts of new software.

2.   Orchestration

Can help to ensure that effective security policies and practices are implemented and executed consistently across the entire IT infrastructure, on-premise and in the cloud.

3.   Standardization

Of hardware and software configurations can make it easier to automate and orchestrate security efforts, and to identify and mitigate threats.

Next- Focal point #4 and In Depth Takeaway