January 7, 2020

Cybersecurity Trends in 2020: Cloud Security

Written by
Why is TechnologyAdvice Free?

Don’t miss the rest of the articles in our Cybersecurity Trends in 2020 series:

relative popularity of cloud security over time google trend line.

Cloud computing has dominated our collective business consciousness over the last 10 years. Unfortunately, as the image above shows, cloud computing security’s popularity pales in comparison. While organizations and individuals have spent the last decade moving data from on-premise servers to the cloud or hybrid environments, they often take the security of that migration for granted.

We spoke to cybersecurity experts about the changing landscape of cloud security for 2020. These are their assessments of our current risks and how organizations should prepare themselves.

The current risks posed by cloud computing

Cloud computing grows ever more popular. When businesses store their data in the cloud, they take advantage of an infrastructure as a service (IaaS) with built-in security protocols. Many organizations also benefit from the reduced overhead costs of ditching their on-premise servers.

But organizations that migrate their data to the cloud do take on a level of risk. Henry Ly, project manager at OccamSec reminds us that “As everything shifts to the cloud, attackers will be going after misconfigurations in the cloud. Organizations are still responsible for securing everything in the network infrastructure, and human errors during the configuration process will make it easy for attackers to get in.” As with so many security risks, human error during the system configuration poses a significant threat.

Henry Ly cybersecurity expert. Henry Ly, project manager at OccamSec

Jim Sneddon CTO and founder of Assuredata agrees, “With so many companies using cloud-based systems, they are rich pickings for cyber criminals.” He notes that cloud databases attract bad actors because they pose such a rich payoff, with huge stores of data in a single location.

And the criminals know how to get in easily, as “They just look for poorly configured systems to exploit and they then have the low hanging fruits of their labour,“ Sneddon says.

While many organizations have gotten over (or ignore) their original misgivings about sharing database space with other organizations in the public cloud, they may have worried about the wrong threat.

Advice for securing cloud storage in 2020

The experts we spoke with emphasized cooperation between organizations and their cloud providers. They agreed that a lack of communication about services, security protocols, and expectations would increase the risk.

However, Adam Stern, founder and CEO of Infinitely Virtual wants to temper the threat of cloud computing. He says, “…the cloud has matured and is (finally) a highly secure place to do business. The cloud now has the procedures, tools, and safeguards that make it among the safest places to be during a cyber-storm.” But these guardrails can only go so far.

Adam Stern cybersecurity expert. Adam Stern, founder and CEO of Infinitely Virtual

“Enterprises should adopt solutions from companies that give cloud visibility, recommend security policy, and orchestrate the policies to prevent attacks,” says Umesh Padval of Thomvest Ventures. “Secondly, they should accelerate data protection and encryption while data is being transmitted, stored and processed.” These added safeguards protect organizations where their cloud security providers leave off.

Ameesh Divatia, co-founder and CEO at Baffle, Inc, says that organizations have a long way to go before gaining full cloud computing maturity. He argues, “…companies will need to go beyond focusing on cloud security configuration and controls and come to grips with protecting the actual data as part of the ‘shared responsibility model.’”

Ameesh Divatia cybersecurity expert. Ameesh Divatia, co-founder and CEO at Baffle, Inc.

Stern adds, “To the extent that users feel ill-served by cloud vendors, cloud computing itself could be at risk. Vendors who argue for DIY security — effectively passing the buck to users, rather than partnering with users — are likely to suffer.”

He goes on to recommend that organizations “Embrace providers who bask in security. Bad actors have ever-bigger toolsets and are relentlessly upping their game. In the year ahead, those organizations that put aside (often political) turf wars around on-premises vs. off-premises computing and focus instead on strategies, policies, and practices that ensure application and data safety/security are most likely to prevail.”

These experts agree: cloud computing will continue to rise in importance in the business landscape. As more data is transferred to and stored in the cloud, the more important cloud security practices will become.

Finding the right cloud security software

Whether you partner with a cloud storage solution that provides the full-service security you need, or your organization decides to manage your cloud security with in-house software, choosing a vendor is never easy.

TechnologyAdvice can help you take hours off your research process by setting you up with a short list of vendors that meet your organization’s requirements. Use our Security Software Product Selection Tool to get your recommendations today.

Technology Advice is able to offer our services for free because some vendors may pay us for web traffic or other sales opportunities. Our mission is to help technology buyers make better purchasing decisions, so we provide you with information for all vendors — even those that don't pay us.