Cloud Security – Threats, Issues and Predictions

Concerns over cloud security are obviously among top priorities for anyone involved in cloud business or managing the migration of their applications to the cloud. The trend continued to rise dramatically after the NSA incident (the leaking of classified documents detailing the data collection activities of the U.S. National Security Agency) and the users became more concerned over who to trust their data with – they are more careful, but they are not necessarily abstaining from the cloud. The issues of critical information infrastructure, legal issues, cryptography, certification and compliance are questioned in more depth, over and over again.

7 in 10 companies will still move apps to the Cloud

Nonetheless, the experts say that the future of cloud looks bright, 7 in 10 companies using cloud services will move new apps to the cloud, even though security in the cloud is a concern (source: Internap).

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

Furthermore, according to a LinkedIn survey of 7,052 respondents, 54% said security is their top concern for transitioning to the cloud and indeed, security threats are many: application attack, brute force, malware/botnet, misconfiguration, web app attack…

However, if we consider the difference between the security of on-premise infrastructure and cloud service provider infrastructure, the numbers show that in most cases it is safer to trust your data with a service provider. In other cases, numbers do not vary that much (see comparison below).

Bar chart showing security incidents by storage type and attack category.
Comparison between threats on on-premise data and data trusted to a cloud service provider
Source

At Internap, they suggest that you need to know more about your service provider, to be sure and they give example questions you should ask before trusting your data with the cloud:

  1. Are there exception monitoring systems available?
  2. How is staff access controlled?
  3. What are the data protection laws (in that specific area)?
  4. Can I obtain a security audit of your host?
  5. What third-party companies do you work with and will they be able to access my data?
  6. How are passwords created, protected and changed?
  7. Are guarantees and penalties available?
  8. Can you accommodate my existing security policies?

These questions should help you find out whether you’ll be working with a secure vendor or not, the most important of which probably being about the third parties involved in the business with the vendor.

Considering performance, infrastructure security and governance is crucial to successfully migrate applications to the cloud.

Predictions: Data Privacy will become a hot topic in 2014

Larry Warnock, president and CEO at Gazzang, reflected (for CloudTweaks) on recent NSA spying revelations and cloud security concerns, and predicted what this may mean for future innovative technologies:

  • SaaS vendors will offer encryption keys revocable by end users
  • Vulnerability of APIs will be exposed
  • European companies migrate data from US-based cloud and SaaS providers in response to NSA Prism scandal. US-based cloud service providers including Google, Amazon and Microsoft account for approximately 85% of global markets. However, a recent Cloud Security Alliance survey of 500 respondents found that 56%of non-US residents were less likely to use US-based cloud providers in light of recent revelations about government access to customer information. In response, the EU’s European Cloud Partnership is drafting a charter to promote an EU-based digital cloud service
  • As NSA concerns fade, data privacy concerns skyrocket. Most people and organizations will realize they’re not being targeted by the NSA; however, the residual effect of the spying scandal is that data privacy will become a scorching hot topic in 2014
  • Major trustees of consumer data, such as Google, Yahoo and Facebook begin to offer consumer-based key management services, where the provider hosts the encryption and the end-user manages the keys to their personal data. Consumer cloud storage providers tend to design systems that emphasize recoverability over security

TwinStrata founder and CEO Nicos Vekiarides, predicts boldly (as reported by e-week) that the “encryption provided by cloud providers will be deemed insufficient because customers won’t own the encryption keys. Overall,” he claims, “2014 will be the year organizations become more aware of, and look to address exposure points along the data-supply chain.”

The predictions about NSA leaks causing loss in revenue for cloud providers in billions of dollars, proved untrue. But the impact on increased emphasis on cloud data security and protection that is only expected to grow in 2014, can not be neglected. Google and Microsoft both promised to have their data encrypted in the cloud. Dropbox announced similar data encryption programs… However, users will try and retain more control over their data. Many new cloud tools are being developed that support exactly this idea of businesses taking fairer advantage and control of cloud hosted infrastructure and services. Many cloud vendors will begin releasing transparency reports. Migration to the cloud will not face a slow down, but only a few further check-points on a speedy highway.

Feel free to address your concerns and predictions in the comments!

Banner advertisement for GlobalDots offering protection against DDoS attacks with a call to action to learn more.
  1. Ten security predictions for 2014 from NeoHapsis
  2. Last Week in Performance Industry – December #3 Edition
  3. How to Pick a SaaS Solution
  4. Looking for cloud services? Have your checklist ready

Latest Articles

What are the biggest business worries in 2025?

No matter their industry or profession, practically every business in the UK and around the world has concerns for the year ahead. Whether it’s employee retention, rising costs, or simply finding new customers, each and every business owner has to make crucial decisions around these fears in order to successfully lead their company forward. However, […]

20th February, 2025
From 2024 to 2025: The Evolving DDoS Threat Landscape

The numbers from the DDoS landscape tell a troubling story. In Q3 2024, DDoS attacks reached unprecedented levels, reaching a record-breaking Tbps and billion packet-per-second attack. These hyper-volumetric campaigns tested the resilience of global networks against attackers who are becoming faster, smarter, and more resourceful. They also became a wake-up call for IT leaders who […]

13th February, 2025
Universal ZTNA: How Does it Compare to Traditional ZTNA?

How will you protect your network as cloud-first strategies and hybrid workforces redefine the modern business landscape? While Traditional Zero-Trust Network Access (ZTNA) solutions laid the foundation for secure access, Universal ZTNA is rewriting the rules. Imagine a solution that unifies your security policies across all environments, simplifies management, and scales easily. That’s Universal ZTNA. […]

12th February, 2025
4 Common Kafka Installation Errors – And Proven Steps to Avoid Them

Apache Kafka is the platform of choice for real-time data processing, but getting it up and running can feel like an uphill battle.  With high throughput and fault tolerance, companies like Spotify rely on this distributed streamlining platform to deliver seamless services for over 600 million global users – supporting everything from log aggregation and […]

9th February, 2025

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.

    GlobalDots' industry expertise proactively addressed structural inefficiencies that would have otherwise hindered our success. Their laser focus is why I would recommend them as a partner to other companies

    Marco Kaiser
    Marco Kaiser

    CTO

    Legal Services

    GlobalDots has helped us to scale up our innovative capabilities, and in significantly improving our service provided to our clients

    Antonio Ostuni
    Antonio Ostuni

    CIO

    IT Services

    It's common for 3rd parties to work with a limited number of vendors - GlobalDots and its multi-vendor approach is different. Thanks to GlobalDots vendors umbrella, the hybrid-cloud migration was exceedingly smooth

    Motti Shpirer
    Motti Shpirer

    VP of Infrastructure & Technology

    Advertising Services