An Overview of Cloud Computing and IT Security
The concept of cloud computing has been around since the 90s, but it wasn’t until 2006 that Amazon and Google launched their first cloud services. Fifteen years later, cloud computing has become extremely pervasive, with 67% of enterprise infrastructure in a cloud-based system, and over 40 zettabytes of data in cloud servers and networks.
The COVID pandemic has seen IT companies rush to create new solutions that meet businesses' unique needs, especially remote work. As a result, the public cloud computing market is expected to be worth $800 billion by 2025.
Which Companies Are Dominating the Cloud Computing Industry?
The term “cloud computing” doesn’t convey the true extent of its capabilities. Some will see it as a service that provides on-demand computing solutions ideal for keeping businesses scalable. Others see the need for cloud computing for the storage of data and resources that can be accessed by users around the world.
Throughout the last decade, large tech companies and some lesser-known service providers have been wrestling for market share in the cloud computing space. As of spring 2021, the following organizations commanded much of the global cloud computing market
- Amazon Web Services (AWS) Cloud – as the market leader, AWS currently holds 33% of the cloud computing market. Of the 13 million cloud servers around the world, AWS controls about half of them. In the first quarter of 2021 alone, AWS made $13.5 billion in cloud services (beating analysts’ predictions of $13.1 billion) and outpacing their Q1 2020 numbers by about $3 billion.
- Microsoft Azure — holds about 20% of the cloud market. Azure brought in $20.7 billion in revenue in the first quarter of 2021, up 36% from the same quarter last year.
- Google Cloud Platform (GCP) – currently has 10% of the market share. Google Cloud brought in $4.9 billion in revenue for the third quarter of 2021.
- Alibaba Cloud – is in fourth place with 9% of the market – which includes 59% of all companies in China. In the second quarter of 2021, Alibaba’s cloud revenue grew approximately 50% to nearly $2.5 billion.
Concerns Over the Significant and Rapid Growth of Cloud Computing
For many organizations, the advantages of using Cloud computing services far outweigh the potential negatives. The problem is that the potential negatives are almost all related to security. This threat significantly grew when companies had to adjust to work-from-home settings, thus making themselves more vulnerable to attack. As governments tighten data regulations and cybercriminals become even more equipped and able, having access to capable experienced IT security experts is always a best practice.
Below are some of the major IT security and cloud computing trends that we are monitoring:
SolarWinds was one of the most shocking cybersecurity attacks to date. In March 2020, hackers secretly broke into the systems of a major US IT firm named SolarWinds. The intruders, who went undetected for as long as nine months, preceded to install malicious code inside SolarWinds’ Orion IT product – a network monitoring and management tool used by 33,000 government and private industry clients worldwide. The corruption was so thorough that the hackers set up a command-and-control infrastructure inside SolarWinds’ system. As a result, Orion IT system updates, loaded with trojans, were unknowingly uploaded by 18,000 SolarWinds customers, giving the attackers access to their login credentials, networks, systems, and digital signatures.
The hackers also exploited flaws in Microsoft and VMware products, enabling them to intercept emails and other documents and sign in to other applications those victims had access to. In mid-December 2020, SolarWinds had been hacked; however, the extent of the hack was unclear. Eventually, it was revealed that the data breach had compromised many areas of the US Federal Government (including the Departments of Agriculture, Commerce, Defense, Energy, Homeland Security, Justice, Labor, State, Treasury, the National Institutes of Health, and National Telecommunications and Information Administration). Global victims included NATO, the UK government, and the European Parliament. As a precaution, thousands of SolarWinds customers had to take their systems off-line to be decontaminated. A former Homeland Security Advisor, familiar with the details of the attack, said it could take years to completely evict the attackers from US networks as they continue to monitor, destroy, or tamper with data.
Traditional malware attacks have been led by the rapid increase in phishing and Business Email Compromise (BEC) schemes. Malware launched through phishing and BEC can quickly spread from one employee to another. According to Mimecast, phishing attacks are up 63%, while BEC attacks are up 51%. Additionally, since more employees than ever are working from home through the pandemic, many are taking the BYOD (Bring Your Own Device) route – this dramatically increases the chance that BYOD-based malware on personal computers will infect the cloud services that home-based employees are accessing. Overall, 70% of companies surveyed expect their business will be harmed by an email-based attack in 2021.
In the same report by Mimecast, 61% of the organizations that took part in the study were impacted by ransomware in 2020 – resulting in the loss, on average, of six days of work. Of these victims, 52% paid the ransom, but only two out of three (of the companies who paid the ransom) got their data back.
Spoofing and Brand Impersonation
Currently, nine out of ten companies report that they are threatened by online brand impersonation, where hackers “spoof” or make realistic copies of a company’s corporate website to steal legitimate customers’ money and identification. Globally, the average company experienced nine spoofing attempts a year. However, German companies discovered these scams most often, at a rate of 14 attempts a year. Over 92% of responders to the Mimecast report are currently using or soon plan to implement anti-spoofing solutions.
Internet of Things (IoT)
Again, IoT has brought about incredible changes to our lives, but it also opens the door to more cloud security threats. Once upon a time, the Internet was restricted to our PCs. Today, with so many devices connected to Wi-Fi networks, the chance of a hacker breaking into a network through a secondary device is no longer science fiction.
Why is Cloud Security so Difficult to Tackle?
Cybersecurity roles are possibly one of the most difficult to find in the IT industry because of the speed of change. An expert can create, implement, and master one set of cybersecurity protocols, and the very next day, a hacker can find a new vulnerability. To say that Cybersecurity professionals need to stay ahead of the game is an understatement.
ISC2, in its 2021 Cybersecurity Workforce Study, showed that to meet current demands, we will need 700,000 extra IT security professionals or, in other words, a 30% increase in the US and a 25% increase in Europe. During the COVID-19 crisis, nearly half of IT professionals were reassigned to different roles to offer more support as companies switched to remote working. This is ironic since the cybersecurity personnel surveyed believe the workforce gap is their number one concern, and 60% feel they are also experiencing a talent shortage.
Finding the right Cybersecurity expert is a difficult task due to the required combination of the proper training and the passion for continuous learning. Unfortunately, there are not enough university programs offering specialist courses in cybersecurity. Only now are we seeing the rise in boot camps for specialist training and technology companies that provide their security team with the appropriate training. But even this isn’t addressing the full scope of the issue.
COVID-19 will continue to have a negative impact on companies as the financial crisis begins to worsen. Some companies are forced to reduce the size of their teams. This creates a vicious cycle where companies that can't afford to hire cybersecurity professionals will be more at risk of attacks.
What's the Solution?
COVID-19, hacking threats, and a shortage of cybersecurity personnel will undoubtedly hamstring business processes for the near future. Luckily there are two solutions available: (1) installing the most secure network solution, and (2) partnering with a company experienced in these specialized areas.
Secure access service edge (SASE) is an emerging cybersecurity networking concept intended for companies who must provide their remote employees – wherever they are physically located – with quick, secure, uninterruptable access to data and software-as-a-service (SaaS) applications hosted on the Cloud.
SASE was envisioned as the convergence of wide-area networking (WAN) and network security services – like CASB, FWaaS, and Zero Trust – into a single, cloud-delivered service model. Additional security services, such as threat prevention, web filtering, sandboxing, DNS security, credential theft prevention, data loss prevention, and next-generation firewall policies, can be implemented as needed. Information is delivered to entities based upon: their digital identity (i.e., a specific person, groups of people, devices, systems, etc.), real-time context, policies (company or regulatory), and a continuous assessment of risk/trust throughout the sessions.
This enables the SASE architecture to automatically identify users and devices, apply policy-based security accordingly, and then deliver secure access to the appropriate application or data. This methodology allows organizations to apply secure access no matter where their users, applications, or devices are located.
Secure Partners: The Best Help
As previously mentioned, IT staffs are under stress due to budget cuts, labor shortages, the extra demand of supporting people working from home, and maintaining day-to-day digital operations. In an ideal world, organizations would have every resource needed on hand. However, in the real world, the next best thing is to have a group of specialists available to handle whatever challenges arise – a solid, go-to partnership could be the differentiator in today’s fast-paced IT world.