Cloud computing is the biggest information security concern shared by businesses in the UK, followed by other potent risks such as cyber security disclosure and GDPR compliance, Gartner's Top 10 Emerging Risks of Q2 2018 has revealed.
In an indication that businesses are finally getting around to appreciating the risks that cloud services come with, risk, audit and compliance executives from across businesses have ranked cloud computing as the top emerging risk for their businesses, even though social engineering, which has been behind a spate of data breaches, is still not seen as a major risk by many.
The risk posed by cloud computing is faced by businesses in two ways: either when a hacker is able to successfully access sensitive enterprise data stored in the cloud, or when the cloud service provider is unable to offer uninterrupted service as a result of disruption to its own operations.
95% of data traffic in 2021 will take place on the cloud
Considering that global cloud data centre traffic will increase from a mere 6.0 zettabytes per year in 2016 to 19.5 zettabytes per year in 2021, thereby representing 95% of total data centre traffic, businesses need to ensure the cloud services they use are secure and robust enough to prevent cyber incidents, external data access, or frequent disruptions.
"Executives are right to expand cloud services as part of their digital business initiatives, but they need to ensure their cloud security strategy keeps up with this growth. Leaders should start by clearly identifying their most at-risk areas, which remain obscure to many large organization leaders," said Matthew Shinkman, practice leader at Gartner.
According to Gartner's report, risk, audit and compliance executives are also concerned about other information security risks such as cyber security disclosure, GDPR compliance, the adoption of Artificial Intelligence, and social engineering, even though the latter ranks lower in risk perception compared to the global economy, business ethics, and risk aversion.
According to Lane Thames, senior security researcher at Tripwire, cloud computing is presently among the most potent risks to organisations because many organisations either do not understand who is responsible for securing things or they lack adequate cyber security talent to secure the cloud environment.
"Organizations can increase their security posture by moving to the cloud if they embrace and understand the associated ‘separation of concerns’ that are implied by using cloud computing technology. By separation of concerns, we are referring to who owns security at the various layers," he adds.
Thames adds that cloud computing now comes with various abstractions such as Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), Backend-as-a-Service (BaaS) and Function-as-a-Service (FaaS), and that by using these services organisations can offload security functions to cloud vendors and will only have to worry about things like identity management and data leakage.
Cloud computing used for shadow IT projects
Even though what Thames says could be the right approach to using serverless cloud applications, it is not being followed by all organisations, and many of them lack visibility into who handles such applications or do not have enough cyber security talent to manage such services effectively.
"Many older organisations are still struggling with legacy infrastructures and ensuring that they will be able to access their existing data through cloud platforms. Moreover at present, around a third of cloud consumption is driven by the business, rather than the IT department, through shadow IT projects. This risks not only undermining businesses’ digital strategies, but causing serious issues in industries where regulation limits the use of cloud," said Conway Kosi, SVP & Head of Managed Infrastructure Services at Fujitsu EMEIA.
"Close collaboration between the C-suite and the IT team will enable businesses to design a balance that works for them in the long term. By unlocking the power in existing systems while facilitating innovation with new technologies, hybrid IT can enable even older companies to draw on the power of what they have today – while moving quickly enough for tomorrow," he added.