
Security in the Cloud
Much fuss has been made over security concerns relating to cloud computing. Just as cloud computing proponents tout the efficiency, scalability, and ease-of-use that come from leveraging the capabilities of the cloud, detractors highlight the dangers inherent in corporate data being stored in an unknown location, on an unknown number of systems, and protected by unvalidated controls. At the end of the day, both groups have fair points, but it is important to recognize that cloud computing is here to stay and, despite the unknowns, many organizations will look to the cloud as a way to increase efficiency and reduce costs. How, then, can organizations ensure that critical data and processes are protected while still realizing the benefits of cloud computing?
It is critical that companies determine an appropriate approach to, and use for, the cloud. In some cases, certain organizations may have data that is considered so confidential or critical that cost savings are not worth the risk of data compromise or loss. In order to identify such circumstances, a risk analysis that enumerates threats, vulnerabilities, and potential impacts should be performed. A key criterion for proper assessment of risk is the accurate classification of data; ensure that data is classified appropriately so that particularly sensitive or critical information is not accidentally put in the cloud. Additionally, compliance requirements should be examined to ensure that any changes do not negatively impact compliance status.
Once the risk analysis has been completed, certain mitigating controls may need to be implemented to account for unknowns in the cloud infrastructure. For example, controls that would typically reside in lower tiers may need to be implemented in applications. After implementing and assessing these modifications, an initial migration to the cloud can begin.
Keep in mind, though, that it is also important to develop a process for assessing new applications and data before they are moved to the cloud, as well as periodically reassessing systems and information that were previously deemed cloud-appropriate; this is fundamental to ensuring that cloud-related risks are considered on an ongoing basis.
While there are certainly challenges facing organizations looking to leverage cloud computing technologies, these challenges are not insurmountable. With a well-devised approach, including assessment and mitigation of cloud-specific risks, organizations can realize the benefits of cloud computing while still protecting critical data assets.