Today’s businesses want it all: secure data and applications accessible anywhere from any device. It’s possible with cloud technology, but there are inherent challenges to making it a reality.
What can enterprise businesses do to reap the benefits of cloud technology while ensuring a secure environment for sensitive information? Recognizing those challenges is the first step to finding solutions that work. The next step is choosing the right tools and vendors to mitigate those challenges.
In our technology driven world, security in the cloud is an issue that should be discussed from the board level all the way down to new employees. The CDNetworks blog recently discussed “what is cloud security” and explained some of its benefits. Now that we understand what cloud security is, let’s take a look at some of the key challenges that may be faced.
Challenge 1: DDoS attacks
As more and more businesses and operations move to the cloud, cloud providers are becoming a bigger target for malicious attacks. Distributed denial of service (DDoS) attacks are more common than ever before. Verisign reported IT services, cloud and SaaS was the most frequently targeted industry during the first quarter of 2015.
A DDoS attack is designed to overwhelm website servers so it can no longer respond to legitimate user requests. If a DDoS attack is successful, it renders a website useless for hours, or even days. This can result in a loss of revenue, customer trust and brand authority.
Complementing cloud services with DDoS protection is no longer just good idea for the enterprise; it’s a necessity. Websites and web-based applications are core components of 21st century business and require state-of-the-art security.
Challenge 2: Data breaches
Known data breaches in the U.S. hit a record-high of 738 in 2014, according to the Identity Theft Research Center, and hacking was (by far) the number one cause. That’s an incredible statistic and only emphasizes the growing challenge to secure sensitive data.
Traditionally, IT professionals have had great control over the network infrastructure and physical hardware (firewalls, etc.) securing proprietary data. In the cloud (in private, public and hybrid scenarios), some of those controls are relinquished to a trusted partner. Choosing the right vendor, with a strong record of security, is vital to overcoming this challenge.
Challenge 3: Data loss
When business critical information is moved into the cloud, it’s understandable to be concerned with its security. Losing data from the cloud, either though accidental deletion, malicious tampering (i.e. DDoS) or an act of nature brings down a cloud service provider, could be disastrous for an enterprise business. Often a DDoS attack is only a diversion for a greater threat, such as an attempt to steal or delete data.
To face this challenge, it’s imperative to ensure there is a disaster recovery process in place, as well as an integrated system to mitigate malicious attacks. In addition, protecting every network layer, including the application layer (layer 7), should be built-in to a cloud security solution.
Challenge 4: Insecure access points
One of the great benefits of the cloud is it can be accessed from anywhere and from any device. But, what if the interfaces and APIs users interact with aren’t secure? Hackers can find these types of vulnerabilities and exploit them.
A behavioral web application firewall examines HTTP requests to a website to ensure it is legitimate traffic. This always-on device helps protect web applications from security breaches.
Challenge 5: Notifications and alerts
Awareness and proper communication of security threats is a cornerstone of network security and the same goes for cloud security. Alerting the appropriate website or application managers as soon as a threat is identified should be part of a thorough security plan. Speedy mitigation of a threat relies on clear and prompt communication so steps can be taken by the proper entities and impact of the threat minimized.
Cloud security challenges are not insurmountable. With the right partners, technology and forethought, enterprises can leverage the benefits of cloud technology.
CDNetworks’ cloud security solution integrates web performance with the latest in cloud security technology. With 160 points of presence, websites and web applications are accelerated on a global scale and, with our cloud security, our clients’ cloud-based assets are protected with 24/7 end to end security, including DDoS mitigation at the network and application levels.