Fears of cloud insecurity “should not drive infrastructure decisions”
Alert Logic’s latest cloud security report has summarised that cloud security providers (CSPs) are “inherently no less secure than enterprise data centres”, and that cloud security threats continue to follow a consistent pattern.
In its State of Cloud Security Report, subtitled “Targeted Attacks and Opportunistic Hacks”, the network security provider observed over 45,000 security incidents and found that some things don’t change; Web application attacks are the biggest threat for IT infrastructures.
The top three incident classes, for cloud hosting providers, were Web application attacks (52%), followed by brute force (30%) and vulnerability scans (27%). This compares interestingly with enterprise data centres, which saw malware and brute force as the number one incident class (49%).
Perhaps unsurprisingly, brute force accounted for the most frequent type of assault, given brute force hackers try a wide variety of combinations in order to get in.
Regardless, the overall conclusion was that the cloud was not inherently more vulnerable than enterprise centres, partly down to the fact that of the six security incident categories, only one – Web application attacks – were found more often in cloud hosts.
Similarly, cloud hosting providers seem to face fewer types of threats when compared to the enterprise data centres; 1.8 on average for CSPs compared to 2.5.
Yet the big takeaway concerned the threat of web app attacks. “The data confirms what we suspected,” said Stephen Coty, director of security research at Alert Logic. “Web application attacks continue to be a serious threat across all environments.
“These types of threats are easily launched through automated tools and should be a top concern for any organisation that is serious about security.”
In terms of companies protecting against web attacks, Alert Logic recommends thorough patch management, secure coding and active defence mechanisms, such as a web application firewall, to best nullify the threat.
The cloud security threats, however, are varied and stark. According to the Cloud Security Alliance data breaches, data loss and account hijacking are the main threats, whilst AccelOps saw the biggest danger as BYOD.
Further research from Easynet had shown that for 61% of European CIOs, security is still the key concern when considering migrating to the cloud.
Would this put you more at ease with adopting cloud computing?