Cloud computing myths have occupied the IT world since the cloud became a viable infrastructure hosting option a decade and a half ago. Those of us who worked in IT at the time remember the many misconceptions about what the cloud was and whether it was possible to host business-critical services in the cloud while maintaining security and regulatory compliance.
The IT industry and the cloud have evolved beyond all recognition since those early days, and few people today doubt the value and power of the cloud computing model. In 2022, 67% of enterprise infrastructure and 83% of enterprise workloads are hosted on a cloud platform.
Yet cloud myths persist, particularly cloud security myths, although their nature has evolved along with the cloud. In the past, cloud security myths were unduly pessimistic. Today, they’re just as likely to be unduly optimistic about cloud security and compliance.
Myth 1: Cloud Platforms Are Insecure
This is the original cloud security myth, based on the belief that businesses can’t trust infrastructure they don’t control. However, if we look at the pattern of security incidents involving cloud platforms, it becomes clear that they’re rarely caused by vulnerabilities in the platform itself. They’re almost always the result of cloud users’ misconfigurations and mistakes; 70% of cloud security challenges arise from configuration errors.
Myth 2: Vendors Take Care of Cloud Security
The opposite of our first cloud security myth is the mistaken belief that the cloud is inherently secure. Believers operate under the misperception that hosting software and data in the cloud is a shortcut to improved security. In reality, all cloud providers use a shared responsibility model for security.
The provider takes responsibility for some security aspects: the physical infrastructure at a minimum, but often other aspects depending on the service. The user is then responsible for using those services securely. For example, connecting an unencrypted AWS elastic block storage device to an EC2 instance creates a potential data leak vulnerability. Amazon provides secure encrypted block storage, but it won’t stop the user from deploying an insecure configuration.
Cloud users must understand which security aspects they’re responsible for and how to configure their cloud environment to meet security and compliance requirements. If you’re worried that your business has cloud misconfigurations, consider a cloud security configuration assessment.
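The unencrypted block storage case described above is the kind of user-side misconfiguration that can be checked mechanically. The following is an added example, not part of the original article: it audits JSON in the shape returned by `aws ec2 describe-volumes`, using a constructed sample; the function name and the severity labels are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-volumes` output.
SAMPLE_DESCRIBE_VOLUMES = json.dumps({"Volumes": [
    {"VolumeId": "vol-0aaa0000000000001", "Encrypted": True, "State": "in-use",
     "Attachments": [{"InstanceId": "i-0aaa0000000000001",
                      "Device": "/dev/xvda", "State": "attached"}]},
    {"VolumeId": "vol-0aaa0000000000002", "Encrypted": False, "State": "in-use",
     "Attachments": [{"InstanceId": "i-0aaa0000000000001",
                      "Device": "/dev/sdf", "State": "attached"}]},
    {"VolumeId": "vol-0aaa0000000000003", "Encrypted": False,
     "State": "available", "Attachments": []},
    # Encrypted field missing entirely: must not be assumed safe.
    {"VolumeId": "vol-0aaa0000000000004", "State": "in-use",
     "Attachments": [{"InstanceId": "i-0aaa0000000000002",
                      "Device": "/dev/sdg", "State": "attached"}]},
]})


def audit_volumes(describe_volumes_json):
    """Return findings for unencrypted EBS volumes, attached ones first.

    Severity labels are illustrative: 'high' when the volume is attached
    to an instance, 'medium' when it exists but is not attached.
    """
    findings = []
    for vol in json.loads(describe_volumes_json).get("Volumes", []):
        # Fail closed: only an explicit Encrypted=true passes the check.
        if vol.get("Encrypted") is True:
            continue
        attached = [a for a in vol.get("Attachments", [])
                    if a.get("State") in ("attached", "attaching")]
        if not attached:
            findings.append({"volume": vol["VolumeId"], "instance": None,
                             "device": None, "severity": "medium"})
        for att in attached:
            findings.append({"volume": vol["VolumeId"],
                             "instance": att.get("InstanceId"),
                             "device": att.get("Device"),
                             "severity": "high"})
    # Attached (high) findings sort ahead of unattached ones.
    findings.sort(key=lambda f: (f["severity"] != "high", f["volume"]))
    return findings


if __name__ == "__main__":
    for finding in audit_volumes(SAMPLE_DESCRIBE_VOLUMES):
        print(finding)
```

An existing EBS volume cannot be encrypted in place; the usual remediation is to snapshot it, copy the snapshot with encryption enabled, and create a replacement volume from the copy. Enabling EBS encryption by default in each region prevents new unencrypted volumes from being created.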
Myth 3: Compliant Services Guarantee Regulatory Compliance
Many cloud providers advertise that their services are compliant with information security regulations. For example, Amazon’s S3 storage service is certified compliant with SOC, PCI DSS, HIPAA, and other regulatory standards. But what does that mean? Most importantly, it doesn’t mean that an S3-based data storage system automatically complies with those standards.
This is something cloud vendors go to some lengths to communicate. For example, Amazon’s PCI DSS compliance documentation states that “AWS establishes itself as a PCI DSS Service Provider to enable, upon further configuration, the compliance of our customers.” The “upon further configuration” part is critical. S3’s PCI compliance means it can be used as part of a PCI-compliant system, but it has to be configured correctly to do so. A simple configuration error may render any system built on S3 non-compliant, and it’s the user’s responsibility to make sure that doesn’t happen.
Myth 4: Bad Actors Don’t Target the Cloud
It might be tempting to think that moving to a cloud platform will solve your business’s security problems. You’re at the end of your tether with the constant bombardment of malware, ransomware, phishing attacks, and bad bots. You want a secure infrastructure solution that’s immune to the attention of cybercriminals. But the cloud can’t give you what you’re looking for. Many of the biggest security breaches and data leaks of the past few years occurred on the cloud.
Criminals go where the data is, and they have become skilled at exploiting cloud vulnerabilities. As we established earlier in this article, most of those vulnerabilities are caused by cloud user errors. Does that mean cloud platforms can’t help you solve your security and compliance issues? In fact, they can, but you may need the help of an experienced cloud expert.
Myth 5: You Don’t Need A Cloud Security Audit
A cloud security audit based on the Center for Information Security Benchmarks will help your business avoid the security and compliance risks we’ve highlighted in this article. Experienced information security consultants will examine your AWS, Microsoft Azure, or Google Cloud Platform environment for configuration errors, security vulnerabilities, and data breach risks. An audit ensures you have the information to operate a secure and compliant cloud environment. To learn more, contact a cloud security specialist at KirkpatrickPrice today.