How Secure is the Cloud?
With security topping the list of reasons that businesses are hesitant to make the jump to cloud services, the question remains—how secure is the cloud after all?
Alert Logic tried to answer that question in the release of its Spring 2014 Cloud Security Report. The answers are not necessarily reassuring to businesses exploring cloud service offerings.
Drawing on data obtained from a customer base of 2,200, the company found a significant increase in activity across cloud and hosting environments compared to last year's findings—brute force attacks climbed from 30-44 percent of customers, and vulnerability scans increased from 27-44 percent.
The attacks are following the same adoption rate as businesses increasingly migrate toward cloud solutions. These two types of incidents—historically far more likely to target on-premises environments—are now occurring at near-equivalent rates in both cloud and on-premises environments, according to the company.
"Our intelligence suggests that the observed increase in cloud attacks is correlated to the growth of cloud adoption in the enterprise," said Stephen Coty, chief security evangelist at Alert Logic. "As more enterprise workloads have moved into cloud and hosted infrastructures, some traditional on-premises threats have followed them. This reinforces the necessity for enterprise-grade security solutions specifically designed to protect cloud environments."
As part of the research project, Alert Logic deployed honeypots in public cloud infrastructures around the world to observe attack types and frequency. A honeypot is a decoy system configured to be intentionally vulnerable, deployed to gather information about attackers and their exploitation methods.
The company states that while honeypots are not typically the target of highly sophisticated attacks, they are subject to many undefined attacks, and provide a window into the types of threats being launched against the cloud.
Alert Logic found the highest volume of attacks occurred in Europe, where honeypots experienced four times the number of attacks as the United States. Also, 14 percent of malware collected through the honeypots was considered undetectable by 51 of the world’s top antivirus vendors.
That justifies the concerns about cloud migration, but it remains to be seen if that concern will slow down the growth of cloud services.
“Of organizations that use the public cloud, the majority are putting only a small percentage of their data and applications in the public cloud,” wrote Matthew Harkrider, Alert Logic founder & product manager, in the company’s blog. “Over the next few years this will change. There will be more organizations using the public cloud and they will be putting more stuff up there. However, it will be sometime before that is the majority of data and applications. Yes, 20 years from now it may well be the case. But for the short term a combination of public cloud and private cloud/on premises hosting will be dominant.”
The company performed a survey between April 1 and September 30, 2013. Data for the report was collected from one billion security events, and Alert Logic verified more than 232,364 security incidents as valid threats. To view the Spring 2014 Cloud Security Report visit www.alertlogic.com/csr .
Edited by Maurice Nagle