Cloud cybersecurity — or a lack of it — is feeding a frenzy of companies out of the public cloud. A similar concern about managing compliance obligations is keeping organizations from moving to the cloud in general.
However, much of the growing concerns over cloud cybersecurity result from experiences with public and private cloud platforms. A trend toward hybrid cloud computing could be an approach to better ensure data security, according to cybersecurity researchers.
Several cybersecurity reports raise concerns about confidence in cloud providers’ abilities to adequately protect users from data breaches, maintain visibility and security controls. The reports raise questions about deciding to use public or private cloud platforms or going to hybrid cloud use to supplement existing on-premises datacenters.
A report that Accurics published in late February shows it takes 25 days on average for companies to fix cloud infrastructure misconfigurations.
That report also reveals that 10 percent of enterprises pay for advanced cloud security capabilities that are never enabled, while 35 percent of organizations struggle with improper use of role-based access controls in the cloud which result in roles with too many permissions.
Results also show that nearly a quarter of all violations correspond to poorly configured managed infrastructure services offerings. This makes it easier for attackers to discover an organization’s services, read their data, and potentially make modifications. Now watering hole attack are emerging in the cloud, where they can cause much more damage than in on-premises environments.
Remote Work Increased Risk
Many companies had already begun their digital transformations ahead of the pandemic. Meanwhile, UK-based NTT’s Hybrid Cloud Report found that Covid-19 accelerated this transition to cloud storage and remote computing. It revealed glaring deficiencies in cloud infrastructure, security, and network architecture capabilities.
The issues today are legion in protecting against cybersecurity. Security measures have become a heightened priority thanks to Covid-19, according to Dov Lerner, security research lead at Cybersixgill.
“The immediate shift to remote work across the world increased the risk of cyberexposure, as people began using home networks for work. A typical organization’s threat surface has expanded tremendously, so a robust and complex cybersecurity program is critical,” he told bluehillco.
Threat actors are able to immediately capitalize on these new vulnerabilities created by remote work. Using Dark Web forums and messaging platforms, they can coordinate to share tools, services, and expertise. These all enable faster and more sophisticated attacks, he added.
Cloud Security Sometimes Hazy
Cybersecurity is a key consideration for business leaders. Nine in 10 decisions about cloud migration involve the CISO/cybersecurity team in the cloud decision-making process, according to NTT’s research.
The company surveyed 950 decision-makers in 13 countries across five regions. That report showed 61 percent of the responding companies say security and compliance are critical and the first consideration in hybrid cloud planning.
Other study results show a lack of visibility and control exists. In the last 12 months, one-third of organizations migrated applications or data from public cloud to private or non-cloud environments. Nearly one-third blame security breaches as the main driver for migrating from public to private cloud or a non-cloud environment.
Fixing the cloud security shortcomings highlighted in the reports may be more aligned with improving cloud adoption practices, suggested Michael Ritchken, principal consultant at NTT. In fact, he would not call them shortcomings so much as adoption challenges.
“The adoption of any new technology, such as hybrid cloud platforms, involves challenges to overcome, such as knowledge, people, process, and tools,” he told bluehillco.
NTT’s report also found that network performance and a shortage of skills were also regarded as sizable barriers to hybrid cloud adoption. Both, if not appropriately addressed when implementing the cloud, could undo the benefits it offers.
Much of the focus of the NTT report is on the benefits of hybrid cloud adoption as a solution to general cloud trouble spots. The report sees both a need and key benefits for hybrid cloud adoption over the other data storage options.
Both need and benefits have been accepted in the market, and adoption is increasing, noted Ritchken. Enterprises that have not yet adopted a Hybrid Cloud Platform model, have plans to begin their adoption journey over the next 12 months.
“Overcoming management, data security, governance and technical challenges are among the key concerns and obstacles organizations have identified as inhibiting their plans to adopt Hybrid Cloud Platforms,” he confirmed.
Cost and operational efficiencies top the list of hybrid cloud adoption over other cloud platforms. They are driving the interest in adoption.
“I expect to see the adoption of hybrid cloud platforms continue to accelerate in the next few years,” Ritchken predicted.
What’s the Difference?
Organizations can choose from numerous cloud computing platforms for the delivery of IT applications. They may deliver services to customers or facilitate business operations. Two major categories of cloud platforms are public cloud and private cloud.
The most well-known public cloud platforms are Amazon (AWS), Microsoft (Azure and O365) and Google (GCP and Google Workspace). Collectively they are referred to as “hyperscaler cloud providers” or “hyperscalers” due to their massive scale of operations.
Private cloud platforms leverage similar technologies in terms of their architecture and programmability. But they are private in terms of their being utilized by a single organizational entity, explained Ritchken.
The term hybrid cloud refers to the adoption of multiple cloud platforms. They achieve optimal delivery of IT applications to maximize business advantage.
“With appropriate application best fit analysis, the adoption of hyperscaler and private cloud platforms, interconnected to provide a seamless application delivery infrastructure fabric, can deliver significant benefits to the business from the perspective of IT application and service delivery,” he said.
Another significant difference between the public and private cloud platforms is the potential difference in the commercial models available. For instance, hyperscaler platforms conform to consumptive-based financial models where the customer pays for what they use on an operating expense (OpEx) basis. Private cloud platforms can be procured in many different commercial models, across OpEx, capital expenditures (CapEx), and a hybrid commercial model.
“Ultimately, the quest to achieve optimal delivery of IT applications and services at the speed of the business is and will be the engine driving hybrid cloud platform adoption,” said Ritchken.
Troubled Migration Initiatives
Before Covid-19, many companies had embarked on digital transformation journeys. But the pandemic highlighted that many cloud adoptions were not as agile as the firms using them had previously thought. The pandemic laid bare deficiencies in businesses’ cloud infrastructure, security, and network architecture capabilities. Combined, these issues hindered their ability to adapt and remain agile, according to the research.
The NTT report found that the pandemic forced businesses to rely on technology more than ever before. The benefits of hybrid clouds are already clear. Some 61 percent of organizations globally are already using or piloting, hybrid cloud.
Hybrid cloud is the future: The study found that a further 32.7 percent of respondents plan to implement a hybrid solution within 12 to 24 months. It is clear that hybrid cloud is now seen as critical to data-driven processes and real-time decisions both now and in the future.
When implemented correctly, hybrid cloud drives efficiencies. The report found that a more efficient total cost of IT operations is the biggest driver (41.3 percent) of hybrid cloud adoption. That is significant, given the shift to a distributed workforce model where businesses now need to access data and applications in new, different, and often complex ways.
Businesses, however, need to implement a hybrid cloud in a way that will optimize environments to maximize efficiencies. This is why over half of organizations (52.7 percent) strongly agree on the need to engage with experts, such as managed cloud providers.
“To overcome the list of challenges, organizations are turning to partners for assistance in navigating and traveling the journey to hybrid cloud adoption,” Ritchken said.
Building Better Clouds
One key factor the Accurics’ research found was that the number of remote endpoints did increase across the board, noted Om Moolchandani, CTO, CISO, and co-founder of Accurics.
“But what we also observed was that there are a lot of different cloud endpoints converted into bots because of the endpoint attacks that are going on in the cloud space as well,” he told bluehillco.
So it is a combination of both the remote work, culture getting to the next level, and the cloud breaches, which were allowing attackers to convert the cloud instances into bots, he emphasized.