Cloud tech great for security but poses systemic risks, according to new report – ARNnet

Credit: Dreamstime

Although nearly 30 years old, cloud computing is still a “new” technology for most organisations. The cloud promises to reduce costs and increase efficiencies through storage and management of large repositories of data and systems that are theoretically cheaper to maintain and easier to protect.

Given the growing rush by organisations to move to the cloud, it’s no surprise that some policymakers in Washington are calling for regulation of this disruptive technology.

Last year, Representative Katie Porter (D-CA) and Nydia Velázquez (D-NY), urged the Financial Stability Oversight Council (FSOC) to consider cloud services as essential elements of the modern banking system and subject them to an enforced regulatory regime.

Their calls for this kind of oversight came in the wake of a major data breach of Capital One in which an employee of the financial institution was able to steal more than 100 million customer credit applications by exploiting a misconfigured firewall in operations hosted on Amazon Web Services (AWS).

That’s why the Carnegie Endowment for International Peace is releasing a study today that aims to give lawmakers and regulators a basic understanding of what’s happening in the cloud arena, with a particular focus on the security of these vast reservoirs of information.

“Cloud Security: A Primer for Policymakers,” written by Tim Maurer, co-director of the Carnegie Endowment’s Cyber Policy Initiative and Garrett Hinck, a doctoral student at Columbia University and a former Carnegie Endowment research assistant, argues that the “debate about cloud security remains vague and the public policy implications [are] poorly understood.”

From a public policy perspective, “the image of a cloud obscures as much as it explains,” the report states. “A more nuanced picture emerges when the cloud is considered in terms of its layers—from the physical data centers and network cabling that form its foundation to the virtual software environments and applications that everyday users interact with.”

Systemic cloud security risk

But, the paper states, cloud service is concentrated in the hands of a few providers including AWS, Microsoft Azure, and Google Cloud, so-called “hyperscale” cloud service providers, with firms like Alibaba Cloud and Tencent playing a similar role in China.

The rising cost of cyber attacks means that most companies can’t effectively defend themselves, leaving organisations “better off entrusting their security to these external firms’ security teams.” However, that solution raises a new problem which is “the systemic risk associated with a centralised approach.”

“There’s very little understanding of what the cloud is,” Maurer tells CSO. “There is very little out there that describes what the cloud is and how to think about cyber security.”

Cloud security policy concerns

Although the Carnegie Endowment report steers clear of public policy recommendations, it does note there are two key policy concerns that have to be balanced. “As we think about security and the cloud, there are essentially two public policy challenges that we need to think about and separate,” Maurer says.

“The first one is the current and known problem of cyber insecurity. Most organisations still struggle to effectively protect themselves against hackers.”

Few organisations can rival the “Fort Knox” level of security provided by Google, Amazon or Microsoft, so they might be better off entrusting security to these giants.


Read More   Sri Muppidi is 'keen on bringing new ideas' to Dublin City Council - Pleasanton Weekly

Leave a Reply

This website uses cookies. By continuing to use this site, you accept our use of cookies.