How do you secure the cloud? New data points a way

Reports show big differences in risk among public, private, and hybrid cloud deployments. Here’s advice on the tools, information, and organizational structure needed to execute a successful cloud security strategy.

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

The march toward the cloud for data and services has many companies rethinking their approach to cyber security. Do they need a cloud security strategy? What is different about a cloud security strategy? Recent surveys have shed light on how security strategies are changing, and more important, how they should change.

Placing more IT infrastructure in the cloud is in some ways more secure than having it in house. For instance, you can be reasonably sure that the system is running the latest version with the proper patches in place. Cloud service providers are also building in new capabilities such as using machine language for anomaly detection. However, it also presents new risks, some of which is the result of misunderstanding how to manage cloud security.

It is important to know how a company’s cloud IT strategy—whether it’s hybrid, private hosted, or public—affects its cyber security strategy and the tactical execution of that strategy.

What is the cloud security risk?

Data from cloud security provider Alert Logic shows the nature and volume of risk for each form of cloud environment as compared to an on-premises data center. For 18 months, the company analyzed 147 petabytes of data from more than 3,800 customers to quantify and categorize security incidents. During that time, it identified more than 2.2 million true positive security incidents. Key findings include:

  • Hybrid cloud environments experienced the highest average number of incidents per customer at 977, followed by hosted private cloud (684), on-premises data center (612), and public cloud (405).
  • By far, the most common type of incident was a web application attack (75 percent), followed by brute force attack (16 percent), recon (5 percent), and server-side ransomware (2 percent).
  • The most common vectors for web application attacks were SQL (47.74 percent), Joomla (26.11 percent), Apache Struts (10.11 percent), and Magento (6.98 percent).
  • Wordpress was the most common brute force target at 41 percent, followed by MS SQL at 19 percent.

Whether it’s a public, private or hybrid cloud environment, web application threats are dominant. What’s different among them is the level of risk you face. “As defenders, at Alert Logic our ability to effectively protect public cloud is higher as well, because we see a better signal-to-noise ratio and chase fewer noisy attacks,” says Misha Govshteyn, co-founder of Alert Logic. “When we see security incidents in public cloud environments, we know we have to pay attention, because they are generally quieter.” 

To continue reading this article register now

SUBSCRIBE! Get the best of CSO delivered to your email inbox.