Cloud computing has recently burst onto the technology and business scene, promising great technical and economic advantages such as on-demand provisioning of computer services, improved flexibility and scalability, and reduced costs. Another attractive point of the cloud is its ability to enable a mobile workforce, which brings enhanced flexibility and efficiency. But cloud computing systems also provide attackers with new opportunities and can amplify the ability of the attacker to compromise the computing infrastructure.
Amidst the COVID-19 pandemic crisis, various governments and regulatory authorities mandated that both public and private organizations embrace new practices for working remotely and maintaining social distancing. Since then, digital ways of doing business have become the new business continuity plan (BCP) for various organizations. With the widespread use of BYOD devices, the WFH trend, and internet penetration across the corners of the globe, individuals are progressively inclined towards the use of digital technologies such as cloud solutions, driving the need for cloud security measures for protection against cyber-attacks. Cloud security solutions enable organizations to ensure business continuity and stay safe from the threat of cybercrimes and malicious threat actors. Many industries are heavily investing in R&D to develop cloud-based analytics software to study the spread of COVID-19.
Cloud Computing threats
All cloud models are susceptible to threats. IT departments are naturally cautious about moving mission-critical systems to the cloud and it is essential the right security provisions are in place, whether you are running a native cloud, hybrid or on-premise environment. The public cloud environment has become a large and highly attractive attack surface for hackers who exploit poorly secured cloud ingress ports in order to access and disrupt workloads and data in the cloud. Malware, Zero-Day, Account Takeover and many other malicious threats have become a day-to-day reality.
Cloud assets are provisioned and decommissioned dynamically—at scale and at velocity. Traditional security tools are simply incapable of enforcing protection policies in such a flexible and dynamic environment with its ever-changing and ephemeral workloads.
Cloud computing infrastructures, in particular, tightly integrate large numbers of hosts using high-speed interconnection fabrics that can serve to propagate attacks even more rapidly than conventional networked systems. Today’s hosts, of course, are highly vulnerable, but even if the hosts within a cloud are reasonably secure, any residual vulnerability in the hosts will be amplified dramatically.
Data breaches in the cloud are unlike on-premises breaches, in that data theft often occurs using native functions of the cloud. A cloud-native breach is a series of actions by an adversarial actor in which they “land” their attack by exploiting errors or vulnerabilities in a cloud deployment without using malware, “expand” their access through weakly configured or protected interfaces to locate valuable data, and “exfiltrate” that data to their own storage location.
Cloud-native breaches often fall under the cloud customer’s responsibility for security, which includes the configuration of the cloud service. Research shows that just 26% of companies can currently audit their IaaS environments for configuration errors. Misconfiguration of IaaS often acts as the front door to a cloud-native breach, allowing the attacker to successfully land and then move on to expand and exfiltrate data. Research also shows that 99% of misconfigurations in IaaS go unnoticed by cloud customers.
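As an added illustration (not from the original article or any vendor's tooling), the Python example below audits a constructed IaaS inventory for the misconfigurations described above: ingress open to every address and storage that is publicly readable or unencrypted. The inventory layout, field names and the allowed-ports policy are assumptions made for the example.

```python
import ipaddress

# Constructed sample inventory (not real provider output); every field name
# here is an assumption about what an IaaS configuration export contains.
INVENTORY = {
    "firewall_rules": [
        {"id": "fw-web", "direction": "ingress", "cidr": "0.0.0.0/0", "ports": (443, 443)},
        {"id": "fw-ssh", "direction": "ingress", "cidr": "0.0.0.0/0", "ports": (22, 22)},
        {"id": "fw-db", "direction": "ingress", "cidr": "10.0.0.0/16", "ports": (5432, 5432)},
        {"id": "fw-any6", "direction": "ingress", "cidr": "::/0", "ports": (0, 65535)},
        {"id": "fw-out", "direction": "egress", "cidr": "0.0.0.0/0", "ports": (0, 65535)},
    ],
    "buckets": [
        {"name": "public-site", "public_read": True, "encrypted": True, "label": "public"},
        {"name": "hr-exports", "public_read": True, "encrypted": False, "label": "sensitive"},
        {"name": "logs", "public_read": False, "encrypted": False, "label": None},
    ],
}
ALLOWED_PUBLIC_PORTS = {80, 443}  # assumed policy: ports that may face the internet


def is_world_open(cidr):
    """True when the CIDR covers the whole IPv4 or IPv6 address space."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_firewall(rule):
    """Flag ingress rules that expose non-approved ports to every address."""
    if rule["direction"] != "ingress" or not is_world_open(rule["cidr"]):
        return []
    low, high = rule["ports"]
    exposed = set(range(low, high + 1)) - ALLOWED_PUBLIC_PORTS
    if not exposed:
        return []
    span = str(low) if low == high else f"{low}-{high}"
    return [("HIGH", rule["id"], f"ingress from {rule['cidr']} on port(s) {span}")]


def audit_bucket(bucket):
    """Flag public or unencrypted buckets unless the data is labelled public."""
    findings = []
    label = bucket.get("label") or "unclassified"
    if bucket["public_read"] and label != "public":
        findings.append(("HIGH", bucket["name"], f"public read on {label} data"))
    if not bucket["encrypted"] and label != "public":
        findings.append(("MEDIUM", bucket["name"], "no encryption at rest"))
    return findings


def audit(inventory):
    """Return (severity, resource, issue) tuples, HIGH first, then by resource."""
    findings = [f for r in inventory["firewall_rules"] for f in audit_firewall(r)]
    findings += [f for b in inventory["buckets"] for f in audit_bucket(b)]
    return sorted(findings, key=lambda f: (f[0] != "HIGH", f[1]))


if __name__ == "__main__":
    for severity, resource, issue in audit(INVENTORY):
        print(f"{severity:6} {resource:12} {issue}")
```

Unlabelled storage is treated as non-public, so a bucket nobody has classified still produces a finding instead of silently passing.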
A rogue employee is capable of using cloud services to expose an organization to a cybersecurity breach. A recent McAfee Cloud Adoption and Risk Report revealed irregular activity indicative of insider threat in 85% of organizations.
Cloud security, also known as cloud computing security, consists of a set of policies, controls, procedures and technologies that work together to protect cloud-based systems, data, and infrastructure. These security measures are configured to protect cloud data, support regulatory compliance and protect customers’ privacy, as well as to set authentication rules for individual users and devices. From authenticating access to filtering traffic, cloud security can be configured to the exact needs of the business. And because these rules can be configured and managed in one place, administration overheads are reduced and IT teams are empowered to focus on other areas of the business.
Cloud security involves the procedures and technology that secure cloud computing environments against both external and insider cybersecurity threats.
For businesses making the transition to the cloud, robust cloud security is imperative. Security threats are constantly evolving and becoming more sophisticated, and cloud computing is no less at risk than an on-premise environment. For this reason, it is essential to work with a cloud provider that offers best-in-class security that has been customized for your infrastructure.
The way cloud security is delivered will depend on the individual cloud provider or the cloud security solutions in place. However, implementation of cloud security processes should be a joint responsibility between the business owner and solution provider.
Cloud security offers all the functionality of traditional IT security, and allows businesses to harness the many advantages of cloud computing while remaining secure and ensuring that data privacy and compliance requirements are met.
Cloud security offers many benefits, including:
Centralized security: Just as cloud computing centralizes applications and data, cloud security centralizes protection. Cloud-based business networks consist of numerous devices and endpoints that can be difficult to manage when dealing with shadow IT or BYOD. Managing these entities centrally enhances traffic analysis and web filtering, streamlines the monitoring of network events and results in fewer software and policy updates. Disaster recovery plans can also be implemented and actioned easily when they are managed in one place.
Reduced costs: One of the benefits of utilizing cloud storage and security is that it eliminates the need to invest in dedicated hardware. Not only does this reduce capital expenditure, but it also reduces administrative overheads. Where once IT teams were firefighting security issues reactively, cloud security delivers proactive security features that offer protection 24/7 with little or no human intervention.
Reduced Administration: When you choose a reputable cloud services provider or cloud security platform, you can kiss goodbye to manual security configurations and almost constant security updates. These tasks can have a massive drain on resources, but when you move them to the cloud, all security administration happens in one place and is fully managed on your behalf.
Reliability: Cloud computing services offer the ultimate in dependability. With the right cloud security measures in place, users can safely access data and applications within the cloud no matter where they are or what device they are using.
Segmentation of cloud security responsibilities
Cloud security differs based on the category of cloud computing being used. There are four main categories of cloud computing:
- Public cloud services, operated by a public cloud provider — These include software-as-a-service (SaaS), infrastructure-as-a-service (IaaS), and platform-as-a-service (PaaS).
- Private cloud services, operated by a public cloud provider — These services provide a computing environment dedicated to one customer, operated by a third party.
- Private cloud services, operated by internal staff — These services are an evolution of the traditional data center, where internal staff operates a virtual environment they control.
- Hybrid cloud services — Private and public cloud computing configurations can be combined, hosting workloads and data based on optimizing factors such as cost, security, operations and access. Operation will involve internal staff, and optionally the public cloud provider.
Most cloud providers attempt to create a secure cloud for customers. Their business model hinges on preventing breaches and maintaining public and customer trust. Cloud providers can attempt to avoid cloud security issues with the service they provide, but can’t control how customers use the service, what data they add to it, and who has access. Customers can weaken cybersecurity in the cloud with their configuration, sensitive data, and access policies. In each public cloud service type, the cloud provider and cloud customer share different levels of responsibility for security. By service type, these are:
Software-as-a-service (SaaS) — Customers are responsible for securing their data and user access.
Platform-as-a-service (PaaS) — Customers are responsible for securing their data, user access, and applications.
Infrastructure-as-a-service (IaaS) — Customers are responsible for securing their data, user access, applications, operating systems, and virtual network traffic.
Within all types of public cloud services, customers are responsible for securing their data and controlling who can access that data. Data security in cloud computing is fundamental to successfully adopting and gaining the benefits of the cloud. Organizations considering popular SaaS offerings like Microsoft Office 365 or Salesforce need to plan for how they will fulfill their shared responsibility to protect data in the cloud. Those considering IaaS offerings like Amazon Web Services (AWS) or Microsoft Azure need a more comprehensive plan that starts with data, but also covers cloud app security, operating systems, and virtual network traffic—each of which can als
Cloud security solutions
Organizations seeking cloud security solutions should consider the following criteria to solve the primary cloud security challenges of visibility and control over cloud data.
- Visibility into cloud data — In many cases, cloud services are accessed outside of the corporate network and from devices not managed by IT. This means that the IT team needs the ability to see into the cloud service itself to have full visibility over data, as opposed to traditional means of monitoring network traffic. A complete view of cloud data requires direct access to the cloud service. Cloud security solutions accomplish this through an application programming interface (API) connection to the cloud service. With an API connection it is possible to view:
  - What data is stored in the cloud.
  - Who is using cloud data.
  - The roles of users with access to cloud data.
  - Who cloud users are sharing data with.
  - Where cloud data is located.
  - Where cloud data is being accessed and downloaded from, including from which device.
- Control over cloud data — In a third-party cloud service provider’s environment, IT teams have less access to data than when they controlled servers and applications on their own premises. Cloud customers are given limited control by default, and access to underlying physical infrastructure is unavailable. Once you have visibility into cloud data, apply the controls that best suit your organization. These controls include:
  - Data classification — Classify data on multiple levels, such as sensitive, regulated, or public, as it is created in the cloud. Once classified, data can be stopped from entering or leaving the cloud service.
  - Data Loss Prevention (DLP) — Implement a cloud DLP solution to protect data from unauthorized access and automatically disable access and transport of data when suspicious activity is detected.
  - Collaboration controls — Manage controls within the cloud service, such as downgrading file and folder permissions for specified users to editor or viewer, removing permissions, and revoking shared links.
  - Encryption — Cloud data encryption can be used to prevent unauthorized access to data, even if that data is exfiltrated or stolen.
- Access to cloud data and applications — Users may access cloud applications and data over the internet, making access controls based on the traditional data center network perimeter no longer effective. User access can be from any location or device, including bring-your-own-device (BYOD) technology. In addition, privileged access by cloud provider personnel could bypass your own security controls. As with in-house security, access control is a vital component of cloud security. Typical controls include:
  - User access control — Implement system and application access controls that ensure only authorized users access cloud data and applications. A Cloud Access Security Broker (CASB) can be used to enforce access controls.
  - Device access control — Block access when a personal, unauthorized device tries to access cloud data.
  - Malicious behavior identification — Detect compromised accounts and insider threats with user behavior analytics (UBA) so that malicious data exfiltration does not occur.
  - Malware prevention — Prevent malware from entering cloud services using techniques such as file-scanning, application whitelisting, machine learning-based malware detection, and network traffic analysis.
  - Privileged access — Identify all possible forms of access that privileged accounts may have to your data and applications, and put in place controls to mitigate exposure.
- Compliance — Use of cloud computing services adds another dimension to regulatory and internal compliance. Your cloud environment may need to adhere to regulatory requirements such as HIPAA, PCI and Sarbanes-Oxley, as well as requirements from internal teams, partners and customers. Cloud provider infrastructure, as well as interfaces between in-house systems and the cloud are also included in compliance and risk management processes. Existing compliance requirements and practices should be augmented to include data and applications residing in the cloud.
  - Risk assessment — Review and update risk assessments to include cloud services. Identify and address risk factors introduced by cloud environments and providers. Risk databases for cloud providers are available to expedite the assessment process.
  - Compliance Assessments — Review and update compliance assessments for PCI, HIPAA, Sarbanes-Oxley and other application regulatory requirements.
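To make the visibility, data classification and collaboration-control items in the list above concrete, here is an added Python example (not part of the original article, and not any product's API). It classifies constructed file records into the three levels named above and plans a control action for each external share; the record layout, the domain `example.com`, the classification patterns and the action names are all assumptions.

```python
import re

CORP_DOMAIN = "example.com"  # assumption: the organization's own domain
# Constructed records, shaped like what an API connection to a file-sharing
# service might return (field names are assumptions, not a real API).
FILES = [
    {"name": "press-kit.pdf", "text": "Launch brochure",
     "shares": [{"who": "anyone-with-link", "role": "viewer"}]},
    {"name": "roadmap.docx", "text": "CONFIDENTIAL: 2021 plan",
     "shares": [{"who": "pm@example.com", "role": "editor"},
                {"who": "agency@partner.test", "role": "editor"},
                {"who": "anyone-with-link", "role": "viewer"}]},
    {"name": "refunds.csv", "text": "card 4111 1111 1111 1111",
     "shares": [{"who": "fin@example.com", "role": "editor"},
                {"who": "audit@partner.test", "role": "viewer"}]},
]
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")  # card-like digit runs


def luhn_ok(digits):
    """Luhn checksum, used to cut false positives on card-like numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify(text):
    """Return 'regulated', 'sensitive' or 'public' for a content sample."""
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            return "regulated"
    if re.search(r"\b(confidential|internal only)\b", text, re.I):
        return "sensitive"
    return "public"


def plan_controls(record):
    """Map each external share to a collaboration-control action."""
    level, actions = classify(record["text"]), []
    for share in record["shares"]:
        who, role = share["who"], share["role"]
        if level == "public" or who.endswith("@" + CORP_DOMAIN):
            continue  # public data and internal users need no action
        if who == "anyone-with-link":
            actions.append(("revoke_link", who))
        elif level == "regulated":
            actions.append(("remove_permission", who))
        elif role == "editor":
            actions.append(("downgrade_to_viewer", who))
    return level, actions


if __name__ == "__main__":
    for record in FILES:
        print(record["name"], *plan_controls(record))
```

The internal-user check matches on `@` plus the domain, so an address at a look-alike domain such as `evil-example.com` is still treated as external.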
Cloud Security Market
The global cloud security market size in the post-COVID-19 scenario is projected to grow from USD 34.5 billion in 2020 to USD 68.5 billion by 2025, at a CAGR of 14.7% during the forecast period. The major factors driving the market include the increasing number of sophisticated cyber-attacks on cloud computing systems, and growing need for compliance with various upcoming regulations.
Driver: Growing sophistication of cybercrimes, cyber espionage campaigns, and generation of new cyberattacks
The instances of massive cyberattacks globally involve the use of the internet for deliberate and politically motivated attacks on cloud IT infrastructures, which lead to data loss for individuals, enterprises, and governments. Due to the rapid rise in digital transactions globally across verticals, there is an increase in the frequency of cyber-crimes. The increase in enterprise data breaches or data leakage is fueling the cloud security market. Data stored in cloud servers are more vulnerable to cyberattacks than data stored in organization servers. With the advent of COVID-19, the use of cloud collaboration tools and services, such as Microsoft Teams, Cisco WebEx, and Zoom, has increased as a result of the distributed work-from-home environment. SMEs are shifting their data to cloud servers, leading to a surge in the attack surface for cyber crooks. The growing number of SMEs that use web- and cloud-based tools and applications makes these organizations prime targets for threat actors, leading to the increasing adoption of cloud security solutions.
Distrust and weak collaboration among enterprises and cloud security service providers
Large and small organizations are hesitant to move their businesses to the cloud as they do not trust Cloud Services Providers (CSPs) completely. This lack of trust stems from the lack of clarity in Service Level Agreements (SLAs) and security or privacy policies, standard terms and conditions, immaturity of cloud services, data breaches, and many other issues. Following a transparent information security approach could enable cloud security service vendors to gain the trust of their clients.
Opportunity: Increasing government initiatives to support smart infrastructure projects
Governments across countries are investing in cloud-computing delivery models and are working with private sector companies through Public Private Partnerships (PPP) to promote projects such as smart city initiatives and smart transportation projects. For example, in 2020, the Japanese government signed a contract with Amazon Web Services (AWS) worth USD 273 million to host human resource systems and document management tools in the cloud. These initiatives are massively contributing to digital disruption with the use of cloud technologies. Hence, government initiatives with heavy investments in cloud technology are expected to drive the growth of the cloud security market.
Challenge: Lack of awareness among enterprises and consumers due to complexities of cloud computing models
Enterprises rely on cloud services for on-demand storage power and computing resources. Cloud computing offers various service models, such as Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). Organizations face a crucial challenge when selecting the right infrastructure to deploy cloud computing solutions as per their needs. Also, users in the MEA and Latin American regions are not very familiar with or aware of the benefits and potential of cloud computing. Relying on CSPs to manage the entire portfolio of an organization’s cloud infrastructure, such as installation, technical support, Customer Relationship Management (CRM), and training and support services, could help overcome complexities in the deployment of cloud security in the future.
Large enterprises are organizations that have more than 1,000 employees. These organizations invest heavily in advanced technologies for increasing overall productivity and efficiency. Large enterprises are widely opting for cloud security solutions and are expected to invest significantly in advanced cloud security solutions to provide optimum security in their intensely competitive environments.
Large enterprises have adopted cloud security solutions, as they use a large number of cloud and Internet of Things (IoT)-based applications that are highly susceptible to cyberattacks. Moreover, as they face threats from targeted attacks to disrupt their Information Technology (IT) services, these organizations adopt cloud security solutions to provide effective security.
The major vendors covered in the cloud security market report include Microsoft (US), Cisco (US), Trend Micro (Japan), McAfee (US), Qualys (US), Amazon Web Services (US), Broadcom (US), Checkpoint (US), IBM (US), Foreseeti (Sweden), Sophos (UK), Forcepoint (US), Palo Alto Networks (US), Bitglass (US), Imperva (US), CipherCloud (US), Proofpoint (US), Zscaler (US), FireEye (US), CloudPassage (US), Fortinet (US), Avanan (US), Illumio (US), vArmour (US), Aqua Security (Israel), Cloudflare (US), SiteLock (US), and Tenable (US).