The recent pace of cloud migrations has been remarkable. The affordability, flexibility and scalability of cloud versus on-premises environments are usually cited as the drivers. But if there’s one inhibitor that keeps organizations from making the move to the cloud, that culprit is usually security.
A new survey conducted by Lieberman Software reflects these doubts about cloud security. According to the findings, 43% of IT professionals find it difficult to secure data in the cloud. A related finding revealed that 73% of them also prefer to keep their sensitive corporate data on premises – rather than in the cloud.
Lieberman Software ran a similar survey in 2014. That year, 80% of respondents said they preferred to keep sensitive data on their own network, rather than in the cloud. These findings indicate that trust in the security of the cloud has increased somewhat over the past couple of years. One reason may be that the cloud often provides the best security for storing critical data. This is particularly true for smaller organizations that don’t have traditional IT departments. Cloud providers have more security resources than these companies can implement internally.
However, it needs to be understood that the same IT security problems an organization faces on premises follows them into the cloud. Migrating to the cloud doesn’t mean they will encounter any more or less security risk than keeping data on premises
That’s because hackers use the same automated cyber attacks on physical systems that they do on cloud-hosted systems. To succeed – whether inside the cloud or not – attackers need privileged credentials. And to get these credentials, they use tactics such as spear phishing and social engineering to circumvent perimeter defenses like firewalls. Then, once inside the network, the attackers look for privileged credentials that allow them to leapfrog from system to system and steal sensitive data.
Privileged Credentials in the Cloud
So, a cyber security solution that generates unique and frequently changing credentials ensures that even if an intruder steals a password, that password soon expires and cannot help a hacker move laterally on the network. Which brings us to our next survey statistic. 43% of respondents admitted they do not change their credentials in the cloud as frequently as they do on premises. Perhaps this lack of credentials management in the cloud correlates to the perceived difficulty of securing data in the cloud.
If so, then perhaps a security solution that can protect privileged credentials in cloud or hybrid environments, while also securing the credentials that underpin the administration of cloud portals themselves, can spur greater confidence in cloud security.
The survey was done anonymously amongst nearly 140 IT pros attending the recent Microsoft Ignite show.