4 Emerging Cloud Computing Security Risks Infosec Pros Need to Know About
The information technology world is constantly changing and growing. Just about every time you’re at the store there’s a new phone, tablet or gadget on display. By all appearances, the increasingly interconnected world of IT is evolving seamlessly. But as the number and complexity of these devices increases so do the IT security risks.
Many of these risks are now a result of cloud computing, also known more informally as “the cloud.” If you’ve ever sent an email from your mobile device on the go, accessed files through Google Drive or even listened to music with applications like Apple’s iCloud, then you are using cloud computing services. Unfortunately, the new security risks that have resulted from all of this cloud computing have placed us in the middle of an ongoing cyber war, according to Brian Kelley, CIO of Portage, OH.
“There is an ever-increasing need for IT security professionals to leverage their abilities to secure the corporate IT landscape and be ever-vigilant of the inherent computer security risks in the information age,” says Kelley.
So what are these new cloud computing security risks, and what can tech pros do to stay ahead of security breaches? We’ve recruited a number of IT experts to explain the top four cloud computing security risks today’s IT pros are encountering on the front lines.
4 cloud computing security risks
1. Unauthorized data access
With the amount of people accessing or transferring data stored on the cloud, simply preventing unauthorized access can be challenging. “It is critical that user authentication is not only secure but easy to use and simple to manage,” says Steven Sprague, CEO of hardware security company Rivertz Corp.
Cloud services are supported by specific providers, which means that only those providers are aware of any unauthorized access, according to Sprague. Businesses or corporations typically do not have any awareness of how their data is being handled, even if it is stolen. The challenge for IT pros is incorporating built-in security into devices such as smart phones and tablets in addition to applications that use the cloud, so that there is increased data protection for businesses and other users.
“Leveraging the hardware security within the device provides a modern way to ensure that the data is what it claims to be,” Sprague says.
Even the relatively new world of cloud computing isn’t immune to one of IT’s oldest threats – malicious hackers. “Hacking is very profitable, which means companies are constantly under attack. Professional IT security practitioners need to deal with the risk associated with social engineering, out of date systems, insecure software, the cloud, and more,” says Mark Wolters, a research analyst consultant with SecureState.
The cloud is an appealing target in part because so many individual users and corporations are taking it upon themselves to ty and manage their own data. Though most cloud providers have solid security systems in place, they can’t provide the control and security of companies who employ IT professionals to stay ahead of potential vulnerabilities.
“IT is a constantly changing field, and attackers are developing new exploits and methods daily. Security professionals must evolve quickly to keep pace,” says Wolters.
3. Irresponsible file sharing
The feature that makes cloud computing so convenient is also one that makes it a security risk: data stored in the cloud can be accessed from anywhere on the internet, according to Wolters. The good news is that most cloud providers have strong security that can prevent most attacks. The bad news is that sometimes hackers can circumvent these security measures because file sharing to the cloud is often done irresponsibly, says Curtis Peterson, the digital marketing manager for SmartFile, which specializes in secure business file sharing.
The big problem with file sharing is “Shadow IT,” the use of IT tools without having the approval of the organization or an IT professional, according to Peterson. Many employees store confidential company data on their personal file sharing apps, such as Dropbox, without company permission. With sensitive or confidential company information being shared on the cloud through personal accounts, this data becomes less secure.
Peterson says that the future of cloud computing security relies on updating IT infrastructure so that it can control, monitor and automate file activity and prevent irresponsible file sharing.
4. The fast-paced growth of cloud computing
When it comes to the cloud and all the data that is stored and transferred within it, you may be wondering, how exactly can something that big be protected? Though cloud providers offer security oversight for these cloud computing services, another problem is arising. Cloud companies are currently being acquired by larger organizations like IBM or Oracle, according to Bil Harmer, chief security officer at GoodData.
In the past, cloud vendors only had to provide security for one application, says Harmer, but as these larger organizations acquire the cloud vendors, security issues become more complex. “You will no longer have a single, dedicated and tailored security program for a single app; you will instead have a single security program for multiple apps and built on different technology,” says Harmer. This can lead to compromises in cloud computing security.
Not only is the cloud a massive database, but its management is being outsourced to places like China, Ireland, and the Philippines, according to Harmer. The more people handling data means more opportunities for security breaches. “IT security professionals need to look behind the scenes to determine the validity and effectiveness of the cloud providers’ Information Security Management System (ISMS),” advises Harmer.
The cloud floats on
While today’s cloud computing security risks are volatile, one thing is certain: As our relationship with the cloud grows more complex, the problems we face will too. Stay up to date with cloud computing and other trends in the world of IT security by checking out our article: 21 Cyber Security Blogs that Keep IT Pros in the Know.