More sensitive data workloads may not be best served in the software-defined networks of the public clouds.
Layering best-in-class, proven security tools and reevaluating their effectiveness often takes time and commitment.
The best cyber security professionals are in short supply, want the latest technology training and must be well compensated.
Real world, experience-based processes are a must for Security Operations Center (SOC) efficiency and rapid Incident Response (IR) when there is a problem.
The Fab Four of secure cloud computing is possible, but it is NOT easy, fast, or inexpensive to put together properly. For most companies, DIY does not make good business sense – their significant investment in time and money is better spent elsewhere. And the cybersecurity risk of getting it wrong is increasing every day.
Moving your data to the cloud introduces a slew of new security challenges as you give up control of the compute environment and rely on a third party for infrastructure, tools, personnel and processes. As you consider moving some of your more sensitive workloads, here are the top threats to the security of cloud computing that need to be addressed:
Permanent Data Loss
Cloud Service Abuses
Advanced Persistent Threats (APT)
Exploited System Vulnerabilities
Hacked Interfaces and APIs
Shared Technology, Shared Dangers
Compromised Credentials & Broken Authentication
Source: Cloud Security Alliance (CSA) 2016
Secure cloud access means that a data owner can selectively restrict access to the data they have outsourced to the cloud. Legitimate users can be authorized by the owner to access the data, while others cannot access it without permission. Further, it is desirable to enforce fine-grained access control to the outsourced data, i.e., different users should be granted different access privileges with regard to different data pieces. In untrusted cloud environments, the access authorization must be controlled only by the owner. To minimize malicious insider attacks or the risk of a provider-wide data breach, secure cloud computing access keys should not be kept in the service provider's cloud.
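One way to realize owner-controlled, fine-grained access with keys held outside the provider's cloud is a key hierarchy derived from a master key that stays with the owner. The sketch below is an added example, not code from the original page; the class and function names, the "read"/"write" privilege labels and the object names are assumptions, and the derived read keys are assumed to feed a client-side authenticated cipher that is outside this block.

```python
import hashlib
import hmac
import secrets

def hkdf_sha256(key: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256 and an all-zero salt."""
    prk = hmac.new(b"\x00" * 32, key, hashlib.sha256).digest()  # extract step
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                     # expand step
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

class DataOwner:
    """Holds the master key on the owner's side; it is never sent to the cloud."""

    def __init__(self, master_key: bytes = None):
        self._master = master_key or secrets.token_bytes(32)
        self._epoch = {}  # object_id -> key version; bumping it revokes old grants

    def object_key(self, object_id: str, privilege: str) -> bytes:
        # One independent key per (privilege, data piece, key version).
        epoch = self._epoch.get(object_id, 0)
        return hkdf_sha256(self._master, f"{privilege}|{object_id}|{epoch}".encode())

    def grant(self, acl: dict) -> dict:
        """acl maps object_id -> set of privileges; returns only those keys."""
        return {(obj, p): self.object_key(obj, p)
                for obj, privs in acl.items() for p in privs}

    def revoke(self, object_id: str) -> None:
        # Previously issued keys stop matching; the object must be re-encrypted.
        self._epoch[object_id] = self._epoch.get(object_id, 0) + 1

    def accept_update(self, object_id: str, blob: bytes, tag: bytes) -> bool:
        # Only holders of the current write key can produce a valid tag.
        key = self.object_key(object_id, "write")
        expected = hmac.new(key, blob, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

def sign_update(keys: dict, object_id: str, blob: bytes) -> bytes:
    """User side: tag a new ciphertext blob; KeyError without a write grant."""
    return hmac.new(keys[(object_id, "write")], blob, hashlib.sha256).digest()
```

Because each key is derived rather than stored, the provider never holds key material, and revoking a grant means bumping the object's key version and re-encrypting that object under the new key.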
The shared, on-demand nature of cloud computing introduces the possibility of new security breaches that can erase any gains made by the switch to cloud storage technology. Cloud services by nature enable users to bypass organization-wide security policies and set up their own accounts in the service of shadow IT projects. Secure cloud computing storage is essential for businesses seeking to store sensitive or regulated data in the cloud. Table stakes are encryption of data in transit and at rest. Both should be mandatory and automated. Take human error out of the equation with default SSL/TLS and self-encrypting hard drives (SEDs).