As security systems get increasingly smart and sophisticated, so do malicious actors and hence, there is a compounded effect in the rising volatility in cloud security. 2018 saw its fair share of massive security threats and 2019 only has bigger challenges ahead.
According to data by Gartner, the public cloud spending for 2018 was at $174 billion, out of which $10.7 billion was spent on cloud security and management. That number is predicted to go up by at least 20% in 2019. While security professionals have learnt a lot from the major breaches of 2018 like Exactis and Under Armour, 2019 will present newer challenges that we need to prepare for. With multi cloud and hybrid cloud environments and increased complexity, enterprise cloud security will need to up the ante. Let’s take a look at the major cloud security challenges we need to be prepared for in the coming days.
1. Data Breaches get Expensive
As more and more critically sensitive data moves into the cloud, any potential breach could cost an insane amount of money. According to IMB and Ponemon’s 2018 Cost of Data Breach Study, the global average cost of data breach soared as high as $3.86 million in 2018, which was a 6.4% increase from the previous year. The average cost of each lost or stolen record containing sensitive information also reached up to $148, which is 4.8% higher than the previous year.
In 2019, this figure could go higher. With more at stake, enterprises will need to get extremely cautious with how they handle their data. Not a single binary digit can be taken for granted. Also compounding the problem is the increased sophistication with which these attacks are carried out, making it harder to detect a breach. The infographic from Ponemon incisively states that of there was a straight highway across the world, you could travel across it in 21 days. But the average time it would take you to detect a data breach is nearly ten times that. It would take an enterprise an average of 196 days before you’d find out.
2. Threats Will Get Smarter
The age of smarter threats is upon us. In 2019, as virtual assistants and chatbots become more widely adopted, hackers will increasingly use them to wage attacks. They could engineer malicious chatbots that stealthily superimpose themselves on legitimate sites, luring users into clicking on malicious links or betrothing sensitive information, downloading rogue files or even reveal their passwords and PINs. Many experts have called this development ‘Spear Phishing 2019’. It is a dangerous combination of tech and social engineering.
You may have recently seen the widely popular video in which an AI chatbot by IBM called Project Debater took on a human, a world debating champion Harish Natarajan. To our immense relief, Natarajan won the debate, casting away the fears of AI Armageddon for a while now. However, you cannot but be amazed by the unbelievable display of human-like debate by a machine. Project debater not only spoke in an extremely convincing human voice and gave real-time rebuttals to Natarajan’s debate points and questions, but also used expressions like ‘um’ and ‘ah’ to make the debate sound human, real and almost deceptive. What if one such bot impersonated your boss’s voice and asked you to wire $50,000 into an offshore account with immediate effect? What if it asked you questions that would make you reveal sensitive information? The fear is legitimate.
3. Increased Complexity
Managing cloud complexity will be another major challenge for enterprises in 2019. As said earlier, multi-clouds and hybrid clouds add to the already complex technology, making it that much harder to store and move data safely. A survey by IBM Institute for Business Value found that 98% of enterprises plan to adopt multi-cloud architecture by 2021. However, only 41% enterprises have a multi-cloud management strategy. Even fewer have adequate processes and tools for such an operation.
Multi-cloud computing essentially refers to solutions that combine two or more different and distinct clouds from at least two different providers. While these multi-clouds have their advantages, they also present a number of data management and security challenges. Data moving in a multi-cloud environment may get duplicated or fragmented along the way, making it susceptible to attacks and leakage.
IT has always been complex, but we may now be reaching an overload status. Heterogeneous architectures spanning more than one platform on and off premises present a multitude of challenges. Enterprises need to develop advanced processes that can place some control and restore stability in this highly volatile environment.
4. Mobility and BYOD challenges
When all enterprise data was limited to the company premises and an internal server, data management was easier. However, confining data means confining your employees and that sounds like a historical scenario. BYOD or bring your own devices is the new normal where employees could be using official data on personal mobile devices and accessing it from all over the world. Not only has the data already left the building and is out and about now, but also the possibility of some employees accessing this data over public Wi-Fi or shared networks cannot be ruled out.
This increases the challenge of protecting the data that’s probably travelling the world right now. Also in tow is the threat of lost and stolen devices. Sometimes, employees also bring in their own clouds. Chances are that the employees are more comfortable storing documents in DropBox and sharing info over Slack or Google Drive, which the enterprise may not have enough control over. This makes it extremely difficult for companies to remain HIPPA and GDPR compliant, as well as involves the risk of data breaches.
Enterprises need to invest in solutions such as active directories and single sign on (SSO) identity so that all BYOD devices can be brought under one umbrella and making it possible to shut down all devices at once if a threat is suspected.
As tech gets smart, the hackers get smarter. That has been the norm and 2019 brings more challenges in the same vein. Since the advance of tech cannot possibly be rolled back, the only option is to keep racing ahead of the criminals. Robust cloud security practices, advanced data safety planning and a dash of commonsense can however, save your enterprise from losing millions in a breach. Staying conscious of the fact that threat looms everywhere and exercising caution with every sensitive data exchange will go a long way in ensuring safety. Stricter password compliance, awareness of potential phishing strategies, complete abstinence from divulging critical info like passwords and pin are some of the basic measures that need to be adopted. Frequent security sensitization workshops to keep employees aware about possible attacks will help keep them alert. Increasing and ensuring cloud security is a responsibility we all share.