Rush to Cloud Computing Raises Security Concerns

Demand for cloud computing is accelerating. In 2019, companies exceeded spending on in-house data center hardware and software for the first time. According to John Dinsdale, chief analyst at Synergy Research Group, in a recent interview with the Wall Street Journal, companies are paying an estimated $96.4 billion USD on cloud-based services. This year, the pandemic is further fueling demand for cloud computing, as more employees and students work from home. 

As demand soars, major cloud-services are reaping big rewards. In April, Amazon reported that its cloud services in the first quarter increased 33% (roughly $10.22 billion USD). 

The growth is encouraging companies to increase focus on security. In July, Google announced an innovative security product for its enterprise cloud services that encrypts data as it is processed.

“We wanted people comfortable [in knowing] they can move to the cloud and don’t have to worry about the security of [their] data,” Thomas Kurian, chief executive of the Google LLC unit, told the Wall Street Journal. 

The Need to Prioritize Security in Cloud Computing

The need for businesses to accelerate their cloud-computing services often comes into conflict with the need to ensure these services are secure. Furthermore, the rapid expansion of cloud-native applications, which raise their own security concerns, are adding to the pressure. 

Traditionally, development and operations happened early in the development process while security wasn’t considered until much later. However, in order to ensure cloud services are safe, some experts say that security must be included from the beginning of the development process. 

“Clearly, when it comes to security, inclusiveness has a positive impact. This has given rise to trendsetting terms like DevSecOps, which place a focus on addressing security in the delivery process. With this approach, security is not just a trend, it is a bedrock of responsible enterprise delivery,” states John Wheeler, Vice President, Services Strategy, Offerings, Engineering and Business Operations, IBM Security, in Security Intelligence.

This means that security must be deeply embedded from the ground up—beginning with “coded assets” that are already deemed secure as trusted resources. 

“Good candidates are those constructs that are shared across the enterprise,” says Wheeler. “An example is treating container images, application templates, role-based access control policies and cluster configurations as ‘trusted’ resources that warrant their own governance and pipeline, as well as clearly defined personas that manage those resources. Larger enterprises might consider badging and internal certifications for new roles like image engineers, cluster engineers, pipeline engineers and so on.”

Some Businesses Turn to Multiple Cloud Platforms

Businesses are beginning to turn to multi-cloud platforms to store their data. The reasons vary as some may want to avoid the potential pitfalls of working with a single vendor while others may want to ensure redundancy of their data. Additionally, some businesses may need to comply with certain laws or regulations, such as requirements that data be stored in a particular country.

Typically, enterprises using multi-cloud platforms need to transfer their data over the different platforms, which costs them time and money. To solve the problem, Google launched its BigQuery Omni multi-cloud solution. The service allows enterprises using multiple cloud platforms (specifically, Google Cloud, Microsoft Azure, and Amazon Web Services) to access and analyze their data within a single user interface. Google can accomplish this because its code can run natively on all three platforms and acquire data locally within them.

Multi cloud platforms also come with security risks. Because multi cloud deployments can become fragmented, security tools and controls will need to be centralized. Three ways to do this include:

• using systems that allow for central log-ins within each cloud;
• implementation of a cloud security posture management services that will monitor issues between cloud interfaces and consoles (known as control planes), as well as a policy for how this should be achieved;
• the inclusion of centralized security and scanning tools and services, such as cloud workload protection platforms which can shield workloads from hackers.

While multi cloud platforms have the potential to streamline usability across competing cloud platforms, it has yet to be proven effective.  

Understand the Cloud

Learn more about the benefits and challenges of cloud computing and how it pertains to your organization. Check out the Cloud Computing Course Program, which offers 37 self-paced courses focused on various aspects of cloud computing technologies.

Contact an IEEE Content Specialist for more details about getting access to this program for your organization.

Interested in getting the program for yourself? Visit the IEEE Learning Network today.

Resources

Wheeler, John. (6 August 2020). Security Modernization for the Cloud. Security Intelligence.

Tilley, Aaron. (27 July 2020). Another Covid-19 Problem for Companies: All This Working From Home Isn’t Cheap. The Wall Street Journal.

Shackleford, Dave. (20 July 2020). Follow 3 key steps to improve multi-cloud monitoring. Search Cloud Security.

Castellans, Sara. (14 July 2020). Google Cloud Chief Finds Opportunities in Pandemic for Customer Connection. The Wall Street Journal. 

O’Donnell, Bob. (14 July 2020). Google Redefines Multi-Cloud Computing. Forbes.