Security in Cloud Apps Proves a Growing Problem
July 22, 2014
The move to the cloud, for many business systems, is one that's proving to offer plenty of advantages. It's offering greater flexibility, greater mobility, and even some cost savings for businesses that put it to use. But as is often the case with most any new development in technology, there are positive and negative benefits to consider, and the cloud is increasingly having one major problem: security.
Several reported incidents in recent months have shown that there's something of an issue when it comes to security and cloud-based apps. One company, Code Spaces, found itself needing to close altogether after the loss of its customer data in the wake of unauthorized access to its AWS management infrastructure. Worse, Dropbox (News - Alert) found itself being used as the command-and-control infrastructure for several attacks on government websites, and even that almost paled in comparison to Heartbleed, and the rampage it went on in exposing vulnerabilities and taking advantage of same.
But the positive to this is that, with all these new attacks taking place, businesses are beginning to more closely consider just what cloud applications are being used, just where said applications are being used and what measures can be taken to protect a business and its operations from the kind of disastrous implications that an unsecured cloud app can mean for a business. One point is becoming increasingly clear: the standard protection measures for business use—endpoint management systems, firewalls, and the like—are no longer sufficient in isolation to fully protect a business; necessary, certainly, but not sufficient alone.
Given that Gartner (News - Alert) recently stressed cloud security in the construction of its “Top 10 Technologies for Information Security in 2014” list, this should suggest to most anyone who deals in cloud matters that security is going to be particularly important for the cloud for some time to come. Issues of visibility are regularly pointed out—the cloud has a tendency to add a bit of complexity to normal operations—and that may make a bit of trouble in terms of management. It's tough to manage things that can't be measured, and the cloud's often remote nature makes management difficult. But some new tools, known as “cloud access security brokers” to Gartner (Forrester Research (News - Alert) reportedly calls these “cloud data protection” tools), help to provide a bit of transparency to the process, and offer up a note of extra management capability, and from there the ability to better protect data.
The key point here, however, is not that cloud apps are inherently dangerous, but rather, that cloud apps require a different kind of security to best protect. Indeed, cloud apps have something of a better understanding that such apps are constantly under fire by those who seek unauthorized access, and thus work better to protect the data contained within. But in much the same way that a deadbolt lock can't be opened with a keycard, cloud apps need a different kind of protection, one that many organizations haven't quite considered fully as yet. The sooner that specifically cloud-based protections are brought in, the better overall cloud apps will be protected.
Protections specifically for cloud apps will likely result in better protected cloud apps, and better protected data as well, helping make the cloud a safer place for all concerned, and giving us all a valuable set of tools to use that are safe.
Edited by Adam Brandt