With the growth of Cloud Services, including Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), and Infrastructure-as-a-Service (IaaS) solutions, your organization needs to be cognizant of what is involved with their use and what security in these environments means.
SaaS is the Cloud-based service that consumes the entire operation – specific application(s) that are hosted by a third-party provider, available over the Internet. PaaS provides the platform, allowing customers to develop, run, and manage applications without having to build and maintain the attendant infrastructure. IaaS typically only provides infrastructure, including hardware, storage, and data center space to support the enterprise, with the customer directing the applications and operations.
IDC estimates that in 2018 Cloud computing will be at least 50% of all IT spending, with additional growth to 60-70% by 2020. However, with that growth additional security vulnerabilities will be uncovered, potentially exposing your organization. Recently, a survey of security professionals indicated that one-third (1/3) of breaches affected more than one-half (1/2) of systems. You simply cannot dismiss security concerns once you make the decision to go with a cloud-based solution.
So, what is being done? Cloud providers are beginning to be work directly with security solution providers to address customer concerns and implement end-to-end measures, such as Rackspace’s recent partnership with Cisco to deploy next-generation firewalls directly into its services. Further, according to Cisco, in addition to traditional security tools, tools such as Machine Learning (ML) and Artificial Intelligence (AI) are maturing. Tools like AWS Guardduty and AWS Macie are now being used within the enterprise. It is imperative that as you develop relationships with Cloud providers, you understand their security roadmaps so you can make informed security decisions for your company.
Also, there is a major security skills shortage and using an ‘automation first’ agile approach to security reduces the operational load on security, leverages automation learnings across multiple environments and provides economies of scale savings by utilizing scarce resources in a shared model.
Being acutely aware of your Cloud-based security risks, issues, and potential mitigation strategies will help your company to protect your data and electronic assets.