Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

4/13/2018
08:30 AM
Kelly Sheridan
Kelly Sheridan
Slideshows
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

7 Steps to a Smooth, Secure Cloud Transition

Security leaders share their top steps to keep in mind as your organization moves data and applications to the cloud.
Previous
1 of 8
Next

(Image: Verticalarray via Shutterstock)

(Image: Verticalarray via Shutterstock)

The rapid rate of cloud adoption has put the spotlight on security as businesses try to control and secure data and applications. Employees are moving to the cloud regardless of what the security team says, and their habits aren't changing any time soon.

Cloud adoption has ramped up over the past five years, according to a new Cloud Threat Report released by Oracle and KPMG this week. The percentage of businesses using public cloud services went from 57% in 2013 to 85% in 2018. In 2013, only 21% of organizations said they used infrastructure-as-a-service (IaaS). This year, that number hit 51% - a 143% increase.

This major shift is creating a new wave of cybersecurity challenges, says Akshay Bhargava, vice president of Oracle's cloud business group. Enterprise cloud users are realizing the complexity of threats to data in the cloud as new devices and identities access cloud environments.

"The biggest finding for us is just difficulty keeping pace at scale," he explains. "Many organizations are facing a challenge: their cloud adoption is growing significantly faster than their ability to secure their cloud footprint."

Ninety percent of survey respondents categorize at least half of their cloud-resident data as sensitive. It's worth noting that "sensitive" is a subjective term but generally, this information includes CRM data, personally identifiable info, payment card data, legal documents, source code, designs, and other types of intellectual property.

Despite the increasing trust in the cloud - 83% of respondents rate cloud security as good or better than on-prem security - companies often fail to take the right steps to ensure they're secure during the cloud transition. One of these is properly vetting a cloud service provider before doing business with them - a step that challenges many organizations.

Most (98%) of Oracle/KPMG's respondents conduct formal security reviews of public cloud service providers before doing business with them. However, only 47% conduct these assessments on their own and 52% use a third party. The challenge comes from a lack of industry standard benchmarking providers' security programs, which creates ambiguity.

If you're thinking with a cloud-first mindset, you should be making sure all the right boxes are checked before you make the leap. Here, security experts highlight the most important steps to keep in mind while moving to the cloud. Did they miss any? Feel free to add to our list.

 

 

Interop ITX 2018

Join Dark Reading LIVE for a two-day Cybersecurity Crash Course at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the agenda here. Register with Promo Code DR200 and save $200.

 

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Previous
1 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment:   It's a PEN test of our cloud security.
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7245
PUBLISHED: 2020-01-23
Incorrect username validation in the registration processes of CTFd through 2.2.2 allows a remote attacker to take over an arbitrary account after initiating a password reset. This is related to register() and reset_password() in auth.py. To exploit the vulnerability, one must register with a userna...
CVE-2019-14885
PUBLISHED: 2020-01-23
A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information...
CVE-2019-17570
PUBLISHED: 2020-01-23
An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue...
CVE-2020-6007
PUBLISHED: 2020-01-23
Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution.
CVE-2012-4606
PUBLISHED: 2020-01-23
Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges.