January 8, 2014
While cloud-based applications and data repositories are an increasingly attractive option for enterprises to store data, they are also becoming a popular target for cybercriminals who can slip through gaps that haven't been properly secured. What is more striking is the general lack of security on the enterprise level — more than 80% of business users access cloud-based applications without IT administrators’ knowledge or support, according to a recent report.
Cloud-based applications offer economic benefits and functional improvements, but also open the door to new attacks. Through the cloud, cybercriminals can slip through security vulnerabilities to launch new attacks and target new areas, such as hypervisors found in data centers, the communications infrastructure within cloud services, and the management infrastructure to administer large-scale cloud services. The main problem for enterprise security managers and administrators is that once a business application is transferred to the cloud, visibility and control of the app is lost and harder to maintain.
As more enterprises migrate to the cloud for storage, security leaders need to constantly ensure a cloud provider's user agreement complies with sufficient security measures that compensate for a loss of direct control over the enterprise security. Larger corporations may have an easier time leveraging the proper security necessary for adequate cloud protection. However, problems may arise for small businesses or organizations that may not have the resources available to ensure the necessary cloud security, and will need to verify the provider's agreement has a clear outline for security management and data ownership. Newer cloud services still in their infancy may even have exposed surfaces and vulnerabilities until they are able to obtain the instrumentation and countermeasures necessary to ensure the data they possess is secure.