Cloud security is taking a back seat to cloud enthusiasm

New architectures create new risks as businesses pull back their all-in cloud commitment

The ease with which cloud-based architectures facilitate third-party communications will make them a key security risk in coming years, security experts have warned as Australian firms rush headlong into the cloud without fully considering its implications.

Ever more-mature understanding of cloud platforms is seeing cybercriminals refining their strategies for attacking cloud-hosted data, security firm Trend Micro warned in laying down its vision of the security threatsfrom the coming decade.

Use of code injection attacks, such as deserialization bugs, cross-site scripting and SQL injection would be targeted at cloud providers and – due to the increasing use of third-party libraries in fast-moving agile development environments – see risk propagating across supply chains and managed service providers via compromised container components and libraries.

“As we enter a new decade, organisations of all industries and sizes will increasingly rely on third party software, open-source, and modern working practices to drive the digital innovation and growth they crave,” Trend Micro director and data scientist Dr Jon Oliver said in a statement.

“We predict that this fast growth and change will bring new risks of supply chain attacks. From the cloud layer all the way down to the home network, IT security leaders will need to reassess their cyber risk and protection strategy in 2020.”

Security concerns are seeing many firms are pulling key applications back from the cloud to on-premises environments, hyperscale computing provider Nutanix found in its recent Enterprise Cloud Index 2019, a Vanson Bourne survey of 2650 IT decision-makers in 24 countries.

Fully 73 percent of enterprises are moving some applications on-premises and adopting a hybrid model that leverages the relative strengths of both cloud and on-premises environments, the firm found while noting that “creating and executing a cloud strategy has become a multidimensional challenge”.

The security of cloud environments was cited by 60 percent of respondents as the factor that would have the biggest influence on cloud deployment plans, with compliance also rating highly. Hybrid environments were judged as the most secure architecture by 28 percent of respondents, the highest of several options.

Bringing cloud security up to scratch has been a key goal for enterprise software providers, with IBM recently launching a set of tools for integrating data across multiple platform tools so that data can be analysed without creating new security issues by moving it.

Improving competency in cloud security must become a priority for Australian companies, warned Joel Camissar, director of managed security service provision and strategic general technology manager with McAfee.

That firm’s recent Cloud Adoption and Risk Report found that Australian companies are leading the world in terms of benefits realised from cloud – but second-worst of the surveyed markets when it comes to securing their cloud environments.

A lack of clear guidance around cloud security had left many companies feeling overconfident with half-strength security solutions, Camissar explained.

“It’s pretty clear that good cloud security accelerates business growth,” he said, “but Australia has very much taken a principles-based approach rather than a heavy-handed regulatory approach in how we deal with some of these challenges.”

“It’s a concerning trend where you’ve got a bit of a she’ll-be-right mentality in terms of deploying cloud services and security.”