First the bad news: attacks against cloud systems are on the rise. Now, the not-quite-as-bad news: cloud incursions are are no worse than attacks taking place against on-premises systems.
Okay, this isn’t exactly the most reassuring news in the world, but it does illustrate the point that cloud applications and data may be no more vulnerable than traditional systems.
These conclusions are based on findings of a new survey from Alert Logic, drawing on data obtained from 2,200 customers. This report is based on 232,364 verified security incidents among both cloud and on-premises systems, identified from more than one billion events observed between April 1 and September 30, 2013. Overall, the security vendor finds, brute force attacks against cloud hosting environments, climbed from 30percent to 44 percent of customers, and vulnerability scans increased from 27 percent to 44 percent.
These two types of incidents—historically far more likely to target on-premises environments—are now occurring at near-equivalent rates in both cloud and on-premises environments. Close to half of on-premises data centers, 49 percent, suffered brute-force attacks during this time, compared to 44 percent of cloud providers. Cloud centers were more subject to web applications attacks, 44 percent to 31 percent. Fifty-six percent of on-premises systems were hit by malware and botnets, versus only 11 percent of cloud centers.
However, as the report’s author, Stephen Coty, points out that attacks seem to be increasing across all environments, and, “in parallel, the types of attacks experienced in the cloud are increasingly consistent with the types of attacks experienced in on-premises environments. Our hypothesis is that the reason for this convergence is the fact that traditional enterprise workloads are increasingly moving to the cloud.”
A major security exposure for many enterprises is shadow IT, in which clouds are adopted outside the purview of IT, and thus not vetted for corporate standards and security, Coty adds. ‘Security consciousness and standards need to be raised throughout the enterprise to balance the value of the cloud with the requirements of good security and compliance. An organization’s security posture must extend from edge devices to the heart of the business—the data center—whether that data center is on-premises, within the cloud, or hybrid.”