By Prasoon Pathak -Director Delivery – Cloud Services, SecureKloud Technologies Ltd
The cloud footprint is expanding faster and broader. Gartner predicts that global public cloud services will grow at a CAGR of 18.24% to reach $1 trillion by 2026, from the estimated value of $604.9 billion in 2023. It says that 95% of new digital workloads will be on cloud platforms by 2025, from the 30% levels of 2021. It means more data will be on the cloud, which is becoming inevitable in the IT landscape as its low cost, simplicity, reliability, and flexibility prompt more companies to embrace the cloud, whether private, public or hybrid.
So, securing the cloud and protecting data are becoming highly significant in the days to come. A survey has found that 75% of organizations have cited security as the top concern regarding the cloud. Data being complex and dynamic, collected and stored in many forms, is vulnerable to breaches, as we have seen in many instances.
A study by API security vendor Corsha Inc has found that 53% of companies covered experienced a data breach to networks or apps due to compromised API tokens. In December, hackers attacked an Amazon Web Services (AWS) cloud, exposing sensitive data from 77,000 Uber employees in a third-party incident. The 2022 Data Breach Report by Identity Theft Resource Centre says there were 1802 breaches in the last year, hitting over 422 million victims. The 2022 Thales Cloud Security Report by S&P Global Market Intelligence reported that 45% of businesses experienced a cloud-based data breach or failed audit in the past 12 months.
Cloud computing is susceptible to the same security threats as traditional IT systems, including hacking, malware, and unauthorized access. Third-party software and supply chain risks, cloud ransomware, advanced persistent threats, multi-cloud sprawl, shadow data, over-permissioning in the cloud, human errors, misconfigurations, and data misuse are other specific threats to the cloud.
Cloud computing also introduces new security challenges, such as shared infrastructure, multi-tenancy, and a need for physical control over data. In a cloud environment, multiple customers share the same underlying infrastructure, making it essential to secure the infrastructure and prevent unauthorized access to the stored data.
Similarly, cloud computing providers often provide services to multiple customers, meaning data from different organizations is stored and processed on the same servers. This requires strong security measures to prevent unauthorized access or exposure of one customer’s data by another. Another area of concern is the need for physical control. In a cloud environment, customers do not have physical control over their data, so implementing strong logical access controls is essential to prevent unauthorized access.
Organizations need to implement a combination of technical, administrative, and physical security measures to protect data in the cloud. Technical measures include encryption, firewalls, and access controls to prevent unauthorized access to data. Organizations should also ensure that their cloud computing providers have robust security protocols in place, such as encryption of data in transit and at rest. Administrative measures cover policies and procedures to govern cloud computing, such as access controls, data backup and recovery, and incident response. Organizations should also have a process in place for monitoring and auditing the use of their cloud computing services. Apart from these, physical measures should also be taken. They include protecting the physical facilities that host cloud computing services, such as data centers, to prevent unauthorized access to data.
When choosing a cloud computing provider, it is essential to consider the security measures that the provider has in place. Organizations should look for providers with a proven track record in security and privacy and certifications and accreditations demonstrating their commitment to safety.