Cloud Security Still a Murky Issue: As Vendors Move, Vulnerabilities Creep with Them


We are living in a highly sophisticated Internet era where practically everyone is vulnerable and exposed to security risk, especially now that most of us are cloud consumers. Cloud computing, which was just a buzzword a few years ago, has now gone mainstream. In fact, if we look at two surveys conducted by InformationWeek in 2008 and 2012, the difference is quite prominent.

In 2008, InformationWeek ran a survey on attitudes toward the cloud; 21% of the 456 respondents considered cloud computing a “marketing term used haphazardly.” The 2012 version of the InformationWeek survey, on the other hand, reveals that one-third of 511 respondents are already receiving services from a cloud provider. Another 40% said they were in the planning or evaluation stages.

So, the shift to cloud computing is pretty clear. Undoubtedly, it comes with numerous advantages such as cost savings, efficiency and low maintenance, but one thing that needs attention is data security. Despite all the security promises of the various cloud delivery models, security remains a constant concern for organizations.

A prominent example of cloud security issues is the recently reported hack of Zendesk, which sells cloud-based customer service software. According to the company, a hacker accessed support information for three of the company’s customers and then downloaded the email addresses of people who contacted those customers for support. Though Zendesk patched the vulnerability soon afterwards, the damage was already done.

So, the question is: how should enterprises decide on a cloud security strategy? What steps should they take to cope with such a situation?

“The first step is to know your business requirements, the type of cloud service you’ll be using and your risk tolerance levels. Every organization’s security needs and expectations are different, so it’s important to understand how the cloud service provider can meet those needs,” says Jon-Michael C. Brook, senior principal cloud/security architect at Symantec.

Another thing enterprises can do is consult the record of self-assessed security practices of IaaS, SaaS and PaaS vendors, maintained by the Cloud Security Alliance (CSA). This record helps organizations understand what the vendors they are considering will offer in terms of security controls. Other useful CSA documents include the Consensus Assessments Initiative Questionnaire, which can help them in the process of selecting a cloud vendor.

Cloud security is increasingly becoming a matter of concern. A few days back, Alert Logic also released a report in the same domain, “Alert Logic State of Cloud Security Report – Spring 2013”. The report evaluated three vectors of analysis – incident occurrence, incident frequency and threat diversity – across six security incident of the key takeaways was the variety and statistical disparity of threats, whether in an enterprise data center or out on a cloud hosting provider.