So, what are the dangers of Cloud Computing?
Cloud computing — also called "the cloud" — is not new. It is actually an old concept that proposes the use of IT resources and infrastructure remotely and on-demand. So, instead of using a local server to host critical systems, you can use a machine located anywhere in the world and access your assets from any environment.
The cloud has also introduced the software-as-a-service (SaaS) revolution, which, as the name suggests, refers to software that can be contracted for a monthly fee and be used in your browser, on any device or at any time, without the need to install anything on your machine. A facility for employees who are always on the move.
In fact, it was precisely the new coronavirus (SARS-CoV2) pandemic that boosted the cloud computing market. Forced to have their employees working from home, companies found in the cloud the most practical and fastest way to make their systems accessible to remote workers, depending less on the old on-premise servers and making workload migration much easier.
But those who think that cloud computing is all about wonders are wrong! This technological concept does offer many advantages and can be an important ally in the transition to the new normal, helping your company in the era of digital transformation and to modernize its infrastructure. However, it is also necessary to be aware of a series of risks and new threats that arise when this type of solution is adopted.
New environment, new rules
You may have noticed that there are new reports of data leaks in the media every day. Most of the time, these incidents occur due to misconfigurations in cloud storage environments, which end up making servers accessible to any Internet user.
It is commonly believed that a cloud server is, by default, more secure than a local server because it is managed by a third-party provider. This is an erroneous view because these providers usually work with a shared responsibility policy — they ensure the physical security of the machines and assume occasional vulnerabilities in their own systems, but…
The responsibility of correctly configuring servers, such as access privileges and the sensitivity of the information they store, is still on the shoulders of those who contract the service. That's why it is so important to have staff members who are specialized in cloud infrastructure since a simple misconfiguration can put the confidentiality of sensitive information at risk.
What about remote software?
The same goes for SaaS. It is not enough to simply choose the cheapest web application — it is crucial to know how to configure it correctly, to apply security measures to protect your employees' access to digital assets, and to ensure that you have a reliable infrastructure that does not cause service unavailability headaches or have source code vulnerabilities.
When it comes to cloud computing, we also need to consider the legal and regulatory aspects. Several industries (such as the banking segment) have their own regulations that must be complied with when migrating to the cloud, including in which country customer data will be stored and what the recovery plan is in case of incidents with the provider.
Cloud infrastructure is flexible, modern, cheaper to run, and may boost your staff's productivity and facilitate remote working, but you need to keep in mind that a different environment requires a different security strategy. So, on your journey to the cloud, keep in mind that several aspects of your Information Security Policy will need to be adapted to address the new risks and threats of cloud computing.
Article translated from: Afinal, quais são os perigos da Cloud Computing? — Perallis Security
