Addressing the hurdles of cloud security: Why you may be setting yourself up for failure


Security is trumpeted as a top concern for organisations, especially with increased investment in new technologies like mobile, cloud, and the Internet of Things. As new technologies are introduced and adversaries become more sophisticated, the threat landscape and the attack surface within organisations continues to grow. This means that not only do organisations need protection from threats, they need to protect their data and they also need to protect their reputation and brand. However, not all companies are taking the threat as seriously as perhaps they should.

Just last week, two new industry reports on this subject caught my attention. The first report indicates that UK companies are still failing to protect their sensitive information against cyber-attacks. According to PwC, there has been a 38% increase in detected information security incidents this year, with these incidents now costing an average of £1.7m. PwC’s report found that businesses are failing to take cyber security seriously, despite noting a 24% rise in security budgets this year.

Corero Network Security also recently launched its mid-year report on the current state of DDoS attacks based on the experience of its global customers. In the report Corero stated that attackers are leveraging sub-saturating DDoS attacks with growing frequency and the attackers are using shorter attack durations to evade defences. DDoS scrubbing solutions can cause disruption in a network and are often used to distract victims while other malware penetrates networks and steals customer information and company data.

With DDoS attacks on the up (the report by Corero showed that customers experienced about 4.5 DDoS attacks per day in Q2 2015, a 32 percent increase on Q1) and malware continuing to increase (it has doubled in the first half of 2015), now more than ever companies need a safe and secure place to store sensitive data.  This also means that as companies continue to try and combat the increasing onslaught of cyber-attacks, including DDoS, so they are turning more and more to their service providers to help them achieve this.

Just a couple of weeks ago we released our latest Enterprise Cloud Services – Advanced Security Solution (EC-AS) combining our existing VMware vCloud platform and our management console with advanced security features including vulnerability scanning, whole disk encryption, event and log analysis, antivirus and malware and intrusion detection. We did this because both our customers – and the market – were telling us they needed more sophisticated security solutions to help them achieve cloud security and compliance. The Corero report substantiates the need for more sophisticated security solutions and in particular highlights customer demand for higher levels of security from service providers.

We find that today cloud initiatives are increasingly stalling or getting cancelled altogether because the security risks are deemed to be too high. This results in an uncomfortable situation for IT leaders as lines of business in their organisations are still demanding the agility, scalability and cost savings that cloud computing can deliver. IT leaders know they can’t abandon cloud altogether, the benefits are too high – and yet they also know whose head will be on the line if an outage, data loss or hacking incident was traced to a cloud workload.  So what can they do?

One ECS-AS feature that our customers are particularly excited about is on-demand security reporting. At the click of a button, our customers can get a report showing the security of their cloud resources, data and applications across all of their security parameters. This report can be used to show executives the security status of the organisation’s cloud workloads (thereby quelling any residual fears they have about cloud security) as well as show compliance to auditors as required.

To provide further assistance to the mid-market we have also released a compliance services offering which helps companies meet compliance requirements for industry regulations such as SOC2 and PCI-DSS. Additionally our certified compliance team helps customers interpret reports, provide supporting documentation, answer auditors’ questions, align to ITIL frameworks and so on. Achieving compliance can be a game changer for customers in the mid-market and pave the way for growth acceleration. As a result, this is opening up a whole new level of cloud usage to the mid-market – especially in industries that require stringent security and compliance like Healthcare, Insurance and Finance.

That said, the threat landscape and attack surface is only set to get worse and unfortunately, despite the scale of threats, many businesses are still not doing enough to protect themselves from what could be a financially crippling attack. My advice is make sure that you are working with a cloud service provider that can help you address security and protect your cloud workload, otherwise you could  be setting your cloud projects up for failure.