FEATURE
cybersecurityeurope
NO BACKU DDOS ATTACKS INSECURE
INSIDER THREATS SPECTRE & MELTDOWN
PERSIST EXPLOITS ACCOUNT HIGHJACKING
DATA
Public cloud services may well be harder to hack – but are issues like shared responsibility confusion and Shadow IT giving rise to additional cloud security challenges?
INSIDE THE SPRING 2019 EDITION OF THIS MAGAZINE WE REPORTED HOW Gemalto’s Global Cloud Data Security Study 2018 had indicated that of the companies surveyed, more had moved their data to public Cloud Service Providers (CSPs) in the expectation that it would be safer hosted on their systems. While, for the Gemalto study’s sample, cost and faster deployment time were the most important criteria for selecting a CSP, security as a winning factor increased from 12% of the poll in 2015 to 26% by 2017. According to some sources, that level of confidence has continued to make gains over the 12 months since. Some 72% of organisations surveyed by the Oracle and KPMG Cloud Threat Report 2019 held that they view public clouds as ‘much more/somewhat more secure’ than the IN BRIEF
security assurance they can deliver on-premises – a 10% increase from the previous year’s report’s response on this question. However, as the cloud market has further matured, new security-related issues have also emerged that could indicate that confidence in the resilience of public clouds may have passed an apex. As public cloud service offerings have diversified and commoditised, giving rise to extra complexity and costs, it has brought new challenges for cloud security management. Confusions around the public cloud Shared Responsibility Security Model (SRSM) is an instructive case
A survey of 1,000 enterprise IT practitioners found that 73% of those professionals did not fully understand the public cloud SRSM. in point. The SRSM depicts the division of assigned responsibility between CSPs and the customer of a given cloud service (or services) for how that service, and the data it contains, is secured. This model is regarded in many quarters as the primary foundational construct of cloud security strategies, although it is more a simple reference model than an industry standard.
CLOUD ADOPTION TO ACCELERATE ‘IT MODERNISATION’ Coud-adoption has increased rapidly, with cloudspecific spending expected to grow at more than six times the rate of general IT spending through 2020, according to McKinsey. While large organisations
30
have successfully implemented specific Software-as-a-Service (SaaS) or have adopted a cloudfirst strategy for new systems,
