


CTO Cloud/SaaS, Intel Security

You Can Outsource the Work, but You Cannot Outsource the Risk

Nov 29, 2016, 3 mins

Threats, regulations, and vendor responses to risks in the cloud.

As trust in cloud services continues to grow, enterprise usage will go up, inevitably attracting the attention of cybercriminals. Although an increasing array of sensitive and confidential data is moving to cloud storage and processing, we expect that most businesses will continue to keep the crown jewels in their own data centers. This may actually increase risk. We believe that with deeper and broader security resources, public clouds are arguably more secure than private clouds.

We discuss the future of cloud threats, regulations, and likely vendor responses in the McAfee Labs 2017 Threats Predictions report. Some of the top threats include continued risk from antiquated authentication systems, insufficient visibility into and control of cloud workloads, and ongoing regulatory challenges.

Continued risk from antiquated authentication systems

People and their passwords continue to be the most frequent vulnerability exploited in data breaches. Stealing credentials gives criminals seemingly legitimate access to systems, often undetected by security defenses. Stealing credentials for cloud systems, especially those of administrators, can enable access to hundreds or thousands of customer databases and workloads. We expect targeted attacks against cloud administration accounts to increase, whether through brute force, phishing, or other social engineering vectors. Security vendors will respond with new types of multifactor and biometric identification systems, expanding from fingerprints to other unique factors such as irises, faces, and heartbeats.

Insufficient visibility into and control of cloud workloads

The ability to move data and workloads around is an important cloud benefit, but it also increases risk. Not knowing where data is going or not being able to control where workloads run can affect regulatory compliance or expose data to theft. Capabilities that restrict data movement or workloads lag well behind the need. We expect that increasing cloud awareness will be built into data loss prevention and policy orchestration tools, enabling better coordination of security controls and policies across internal and external clouds.

Ongoing regulatory challenges

Perhaps the biggest uncertainty in cloud services is the growing gap between usage and regulation, and the legal disparity between jurisdictions. Lawmakers cannot keep up with the rate of technological change in this area, and so will use phrases such as “due diligence” and “reasonable efforts” in cloud privacy and security legislation. As a result, cloud service providers, cyber insurance providers, and their customers will face years of litigation. We expect some jurisdictions to impose minimum operating or auditing requirements for cloud service providers, while others will restrict data movement. These conflicting and sometimes even contradictory regulations will be a significant challenge for multinational corporations, and may even restrict cloud adoption in some markets.

To read the full details about these and other cloud predictions, download the McAfee Labs 2017 Threats Predictions report.


Jamie Tischart is the CTO for Cloud/SaaS (Security as a Service) and is responsible for leading the creation of Intel Security's future generation Cloud solutions and creating sustainable competitive advantage. He has been with Intel Security for over 10 years, in a wide variety of technical roles including Sr. Director of Cloud Engineering, Operations & Research and Sr. Director McAfee Labs - Quality Engineering and Operations. Prior to joining what was then McAfee, Tischart held several executive, QA architect, management and engineering positions at such companies as MX Logic, Blackbaud, Openwave, Newbridge Networks and Corel. Tischart holds an MBA from Aspen University. He lives with his family in Colorado, where he pursues his passions for SaaS Development, DevOps and Cloud Operations, along with Agile Coaching and Quality Engineering Leadership, while enjoying skiing, writing and hockey. He is an active volunteer for organizations including Habitat for Humanity, Ronald McDonald House Charities of Denver, Inc. and Food Bank of the Rockies.
