Report: Cloud attacks are less frequent than those against in-house systems

IT pros typically worry about cloud computing security when they move applications and data to third-party service providers. But in this guest post, Reanna Gutierrez discusses new research that shows cloud services are attacked less often than in-house data centers. 
_____________________________________________________________

As cloud computing and hosting become more prevalent in the business world, securing the data and systems that are entrusted there becomes a greater and greater concern. Because of the nature of the cloud, users intuitively believe that it must be less secure and under more frequent attack than systems that are run off physical servers.

It’s fairly easy to understand why this impression arises. That big server room with the carefully restricted access in the basement of corporate headquarters feels like an impenetrable vault in comparison to the average user’s idea of the cloud. The reality would seem to contradict perception in this case, as in so many others.

Recent research

Alert Logic performed a survey in which they analyzed one billion actual security threats to businesses in the fall of 2012. Over the course of six months they looked at just over 1,800 companies, including some that operate primarily in the cloud, as well as those who use enterprise data centers for their computing needs.

This study examined the frequency of the attacks on these organizations, as well as the type of threat that was detected. They considered brute force attacks, web application attacks, malware or botnet software, and vulnerability scans, among others. In most cases, the number of threats made against cloud hosting providers was slightly lower but comparable to those aimed at enterprise data centers. The only exception to this pattern was with web application attacks, which were slightly more common in the cloud environment.

What this means for businesses

This study largely debunks the theory that cloud hosted data and cloud computing are generally more vulnerable to attack than traditional data centers. The reality is that the traditional server room offers no tangible security measures that cannot be duplicated in the cloud. In fact, the very nature of the cloud allows for greater adaptability and innovation, which could mean that given time, security measures will be developed that would not have been possible in the old model.

Moving data to the cloud can create new opportunities for flexibility and innovation in just about any industry, and cloud providers are working hard to offer secure services, including systems and best practices for protecting their customers’ data and for recovery after a disaster. However, as with any other system, some responsibility for security falls with the users. If your company is planning to move some or all of your computing and hosting needs into the cloud, it is still important to take steps to protect yourself and your customers.

Responsible transition into the cloud

No matter how much data you plan to relocate, security should be a consideration at every stage of the process. Before trusting a company to host your data, research its security policies to ensure that it will offer the level of protection you need. Investigate their security protocols and disaster recovery and seek out reviews from current and previous customers.

When the time comes to begin transitioning your data into the cloud, doing so piece by piece will allow you to evaluate the security and operations of the hosting service you’ve chosen. Begin with items that are small and less sensitive, such as email and file sharing, and once you know that those processes are running smoothly, begin adding other applications. Remember to reevaluate the security measures in place at regular intervals after the transition is complete, as your needs and potential threats will likely change.

As ever, the security measures in place will only be their most effective if your employees and users understand their own role in protecting their data. Ensure that all users are educated about risky behavior and data security best practices so that no gaps in security arise from ignorant or complacent employees.

About the author: Reanna Gutierrez is the Product Marketing Manager for OneNeck, which offers IT managed services for mid-level business. She enjoys writing about new developments in business technology and the ways that they are reshaping markets.

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy