A growing majority of SMBs are turning to cloud computing for their IT infrastructure, but at the same time, IT and security professionals admit securing the cloud is difficult. This is a situation that could end up leading to bigger data breaches.
According to a Black Hat survey conducted by Tripwire, 84% of organizations find maintaining security configurations across cloud services difficult, and 75% think it’s easy to accidentally expose data publicly through the cloud. Why is this? Cloud infrastructure is becoming more complex, the respondents said, especially when managing a hybrid environment of private and public clouds with on-premises infrastructure. Another concern, according to the report, is that there continues to be uncertainty over who is responsible for securing data in the cloud—what is the service provider responsible for versus the customer. All of these issues lead to potentially leaky cloud situations.
“While cloud providers may take responsibility for securing their infrastructure, moving to the cloud doesn’t absolve you from the responsibility of protecting your own data. The cloud doesn’t magically protect the data and systems that you put in there,” said Tim Erlin, VP product management and strategy at Tripwire, in a formal statement.
The same day I saw the Tripwire survey results, a study conducted by Untangle that looked at SMB IT security also crossed my desk. It was in this study I noticed the high numbers for cloud adoption. The study reported that nearly three-quarters of SMBs have at least part of their IT infrastructure deployed in the cloud, but 60% don’t use a firewall in their public clouds.
I talked to Heather Paunet, vice president of product management at Untangle, about cloud adoption and security concerns. I figured that cloud applications benefit SMBs because of the lack of internal IT and security expertise (and the report confirms that thought), but I was surprised to find that many SMBs have multiple, geographically dispersed locations.
“SMBs are hiring the best employees for their company, even if this means that the employee is in a different city, state or country,” said Paunet. “Of those that Untangle recently surveyed, 40% of SMBs now have at least five employee locations, with 11% identifying more than 25 employee-based locations.”
Flexibility in employee-based locations is not the only benefit SMBs are finding as they transition to the cloud, she added. Transitioning to a cloud-based IT infrastructure allows SMBs to improve their processes, storage and networking resources, while the scalability of the cloud allows SMBs with limited resources to pay-as-they-go and transform their infrastructure as their business needs grow.
According to the Untangle survey results, 8 in 10 SMBs admit to being concerned about their overall network security, yet the public cloud remains a serious vulnerability. That’s because SMBs are often overwhelmed by their lack of an in-house knowledge base or internal IT support staff—one of the issues that led to the cloud in the first place. This may explain why so few don’t deploy a firewall, even though the lack of that basic security tool leaves them open to a cyberattack.
Not sure how to approach cloud security for your SMB? Erlin from Tripwire has a sound piece of advice: With the cloud, you need the same levels of protection as you would for your on-premises infrastructure.
“Organizations should start with visibility, followed by secure configurations and then vulnerability management,” he said. “You need to know what you have so you can protect it, then you need to make sure that systems are configured securely and that they stay that way. It’s simple to state, but it can be difficult to implement.”
So what should SMBs be doing to make sure the data in the cloud remains secure?
“SMBs should always establish a multi-layered approach to data security using a complete network security framework to protect, filter, and manage their business,” said Paunet. Layering solutions, such as a firewall, can allow SMBs to:
Pauent also recommended that SMBs also adopt a firewall-as-a-service (FWaaS) model. The FWaaS will deliver the much-needed firewall and other network security capabilities as a scalable unified threat management solution for cloud-based IT infrastructures. “By utilizing FWaaS, organizations no longer need to worry about maintaining hardware or applying patches and updates as this task falls on the FWaaS provider, ensuring the organization’s network is always secure,” Paunet added.
Your cloud service provider is not responsible for securing your data and your applications. “It’s incredibly important to understand that fact,” Erlin stressed.
Penetration testing, or pen testing for short, is a critical way to protect IT systems and sensitive data from malicious…
Virtual private networks (VPNs) form a staple of the modern work environment. VPNs provide an essential layer of protection for…
Cradlepoint, a unit of Ericsson, today launched a secure access service edge (SASE) platform for branch offices using 5G wireless…
Casey recently was involved in an event that brought hackers and 5G technology together, tune-in to learn about the results…
What is the CCPA, the California Consumer Privacy Act? CCPA, or the California Consumer Privacy Act, is a law in…
Authors/Presenters: *Federico Cernera, Massimo La Morgia, Alessandro Mei, and Francesco Sassi* Many thanks to USENIX for publishing their outstanding USENIX…