In 2016 we saw the rise of cloud adoption, with three new Internet-based companies created every second. With –Forester predicting that the global public cloud market expected to reach $236 billion by 2020.

With this comes the evolution of cybercrime and the need to think about security. Thus combatting this cybercrime, Cloud security must become more than just an IT problem. Trevor Coetzee of Intel Security discusses cloud adoption and the reasons for it, as well as the associated threats and how to be more secure.

Cloud adoption was the order of the day for many organisations locally and globally this year, with three new internet-based companies created every second. And this is set to continue into 2017 and beyond – Forester predicts the global public cloud market to reach $236 billion by 2020. However, with this forward-thinking digital approach, comes the evolution of cybercrime and the need to think carefully about security.

At a recent Intel Security cloud security roundtable, where we discussed the McAfee Labs 2017 Threats Predictions Report, cloud adoption was top of mind – the reasons for it, the associated threats and how to be more secure.

 

Fewer resources, more agility

With both a global and local skills shortage in the realm of cloud technology and security, many companies are choosing to outsource so they can concentrate on their core competencies rather than operational functions. This is coupled with the need to cut costs (by not having to invest in on premise infrastructure) and increase agility and speed of delivery. Trust in the cloud is also growing significantly.

However, attacks in the cloud are set to grow by 129%. To ensure that the cloud is a secure environment in which businesses can operate, the security teams within organisations can sometimes hinder the go-to-market speed of cloud adoption. Security wants to be an enabler of business by finding ways to use the cloud in a safe and secure way – but this can get in the way of employees’ need for instant gratification.

 

The problem with Shadow IT

It’s for this reason that Shadow IT – cloud applications like DropBox – continue to hold weight in the market. They offer employees agility, flexibility and convenience, immediately. The problem is that this results in organisations having poor visibility of where their corporate data is stored.

With this in mind, it’s never been more important for organisations to work with legitimate cloud service providers, which provide compliant infrastructure, protection of this infrastructure, as well as redundancy. Once this is in place, security can effectively become the “No, but…” champions – no longer allowing employees to access Shadow IT applications, but giving them an effective alternative.

 

Protecting data in the cloud

That said, another important consideration is that while cloud service providers do provide protection of the underlying infrastructure, they do not protect their clients’ assets added to this infrastructure. In addition, every cloud provider adheres to a different set of security standards and compliance requirements. This means organisations are responsible for the security of their own data.

As more and more data flows into the cloud, so the attack surface grows and it becomes harder to keep up with potential attacks. It’s no surprise then, that attackers are set to leverage cloud resources for massive brute force attacks.

To ensure they are secure when building something in the cloud, organisations must assume that the infrastructure is unstable, and make sure they have redundancy and security measures in place. This is particularly necessary considering that while the likes of Amazon, Salesforce and Microsoft sill hold the lion’s share of the market, there are also many fly-by-night cloud service providers whose infrastructure may not be as solid.

In addition, the significant growth of IoT is set to break many existing cloud security models or at least overwhelm them. There isn’t a security framework around IoT yet, so there are many backdoors we’re not likely to pick up for years to come. And with the proliferation of BYOD combined with IoT, attackers are likely to find it easier to hack into organisational networks via home networks.

 

Working together to be as secure as possible

So, the stakes are higher than ever to find ways to be as secure as possible. The top three market shareholders in cloud security currently are identity and access management, data loss prevention and email security, as organisations are scurrying to ensure these important areas of their business are secured.

Multi-factor authentication will continue to be a popular choice, but biometrics – using elements such as facial and iris recognition – are growing as an additional way to guard against identity theft. Cloud access security brokers (CASBs) are also growing in popularity as an effective means of redirecting traffic to a central point, determining what information and services users have access to and managing and monitoring this access and connectivity. In addition, the role of machine learning for the real-time risk scoring of cloud services, along with data stewards within organisations, cannot be ignored.

Importantly, apart from organisations working on these areas to be more secure themselves, there is also a lot more threat intelligence sharing across vendors and government agencies, and cloud service providers and security vendors are set to collaborate more in the future.

As we continue to see increased cloud adoption in the years to come, the risks can’t be ignored – but neither can the benefits. To work successfully in the cloud, organisations simply need to start seeing the cloud as an extension of their business rather than a separate part, and subsequently cloud security as a business problem – not just an IT one.