Cloud(s) Security Ahead - Bridge Out or Hacker - Part 2

By Thomas B. Cross - CEO TECHtionary.com

In Part 1 with 90% of security experts and leaders concerned about cloud security and with more than 50% of companies using more than one cloud, this suggests that the cloud is more like "fool's gold" than IT paradise. It gets worse as reported in the Nominet report, "69% of respondents from multi cloud businesses reported suffering between 11-30 breaches compared to 19% of those from single cloud business and 13% from hybrid cloud businesses." You have to be saying to yourself, there is a direct correlation to the number of clouds, number of and severity of cyberattacks. That means the more clouds you have the worse it gets and should be asking yourself, at what point do you say enough is enough? The problem is compounded with the majority of organizations have outsourced internal and cloud security to generally "silo" security solutions who can only solve one problem and probably not fix the attack you have which means you have to find someone else to fix it. This is where the report gets really weird, in my opinion, "When asked about the relative risk of security breaches in cloud environments compared to on-premise, one third (37%) said that they thought it to be higher. The good news is that 61% thought the risk to be the same, or lower. This speaks to a growth in confidence in the security of cloud services and an understanding of how the cloud can be secured." You should be rolling your eyes back thinking; are the respondents really telling the truth or just saying that not revealing the real truth. In my opinion, the real truth is what we have found less focus groups but in private conversations with CIOs who have real fear of losing their jobs it is far worse than they expected and by adding more and more clouds into the mix it gets to the point that there is a real hurricane coming. In addition, in other private conversations, CIOs are really saying they have no idea where the cloud is going but are just going along for the ride as that is what they have done for decades. They just accept what the vendor pushes out because it is the "easy way out" of the situation to building their own applications, operating systems or anything else. 

Notwithstanding having any total control, CIOs feel that the smartphone gave the power to the user and with that the CIO lost real control over IT. Of course, access control, billing and more but there is a real sense in our interviews that the CIOs can't see their way out of this and again, just playing along hoping that the "kids won't cause too much harm to themselves or the company." One CIO said that social media platforms have done more harm than good to the company and any goals that IT might have had in the toxic media pond. On another note, CIOs also seem even more scared about IoT-internet of things telling Nominet, "security of IoT devices was the number one concern for respondents from CNI companies (57%), an industry where such devices are used prolifically for monitoring purposes, and where any security breach could potentially be catastrophic." Some of this is reflected in a hack attack against the well-known retailer where a backdoor on an POS-point of sale device was the point of entry by the attacker. 

Summary - Cloud security is also on a "fool's errand" as security in this new IT space is more like hoping not for the worst to happen rather than planning living on Mars and anything in the future. CIOs bend like the wind as they also can't hold back future innovation. Saying that they must rethink their approach to cloud technology otherwise get sucked into vortex of tornado clouds.

Reference:

https://nominetcyber.com/cyber-security-and-the-cloud/

?