Criminals go where they can do the most damage with minimal effort. It’s why, for years, hackers targeted Windows rather than Macs – it was where the users, and in turn the data, were. And now we’re seeing a steady migration from one platform to the next as popularity grows. Hackers moved from Windows to Apple’s OS to mobile. Now, unsurprisingly, they are targeting the cloud.
According to new research from Alert Logic, there has been a 45 percent year-over-year increase in attacks on the cloud. In its Cloud Security Report 2015, the researchers pointed out that nearly 90 percent of companies are now utilizing cloud computing, meaning more people than ever are turning to the cloud. And that means hackers now have an even greater pool from which to steal information.
And as Rahul Bakshi, Alert Logic's senior director of product management, stated in CSO, the more workflow is put into the cloud, the bigger the target it becomes. He added:
And web applications are target-rich. There are fantastic applications that are being developed for the cloud that make our lives easier, and have great functionality and user experience. But often, there's not enough security built into these applications.
Security has always been the cloud’s weakest selling point, and unfortunately, this study justifies those concerns. However, at the same time, a new Dell study found that companies adopting cloud computing have tremendous growth potential. According to TheWhir.com:
[The survey] shows that companies which have adopted “on-premises cloud” have 46 percent higher growth rates, and those with “off-premises cloud” have 51 percent higher growth than those without.
So how do you reconcile that the cloud is good for your business and very attractive to hackers? It all comes down to layers. The layered approach used to secure your networks is the same type of approach needed to protect the cloud. As the researchers with Alert Logic suggested, it is just as important to provide security specific to software-as-a-service as it is to provide security for the infrastructure. It’s also important to lay down specific groundwork on what responsibility the cloud provider has in providing security and what the company itself must address so there is no ambiguity. As Will Semple, vice president of security services for Alert Logic, told Computing:
The key to protecting your critical data is being knowledgeable about how and where along the 'cyber kill chain' attackers infiltrate systems and to employ the right security tools, practices and resource investment to combat them.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba