On-site security may not be as safe as the cloud

September 21, 2012

Those who believe that data security in the cloud can be easily compromised may have to eat their words after a recent survey showed that on-site storage facilities are at a greater risk of attacks from malware than cloud service providers.

According to Forbes, a study of 70,000 security breaches over a 12 month period showed that the cloud was less likely to be targeted than on-premises web security protocols. The survey was rolled out to a mixture of 1,600 companies, some of which used the cloud and others who preferred to have their data nearby.

The survey considered a number of different attack techniques from either cybercriminals or groups with malicious intent, with web security breaches often used as reconnaissance before a more brutal intrusion occurred.

Web application attacks
The greatest area of vulnerability was in web application attacks, an area that the cloud experiences more frequently, and was defined by the authors of the report as "attacks targeting the presentation, logic or database layer of Web applications," with 53 percent of service provider environments compromised as opposed to 44 percent of on-site systems.Twenty-two percent of high-profile IT firms had been attacked, with the theory being that they had "network configurations that make them useful to hackers."

However, on-site systems are targeted more frequently, with web application attacks the cause of system problems 61.4 percent of the time, while cloud data security providers report that attacks of this nature account for 27.8 percent of all security breaches. On-site environments are also more prone to brute force attacks and continual reconnaissance missions by hackers or other interested parties.

Safe from malware in the cloud
The report showed that 46 percent of all corporate systems had been hit with attacks that showed "a large number of combinations, typically involving numerous credential failures," with 39 percent of cloud service providers targeted in the same way. The authors of the report also advised that malware was able to slip into 36 percent of on-premises systems, while only 4 percent of cloud data security providers reported finding any virus.

"Given the prevalence of un-sophisticated attacks, such as brute force and reconnaissance, in both cloud and on-premise environments, and across all industries, the fundamentals apply," the report concluded. "Multi-layer security, close attention to basic management practices, such as patch management and upgraded operating systems, and use of monitoring and defensive technologies to identify and stop attacks."

-McAfee Cloud Security