Cyber Security and Hybrid Clouds Risks

A new study has recently revealed that zero-day attacks on hybrid cloud environments are posing a major threat to many businesses. The demand for cloud platforms is picking up very fast, and as a result, most businesses are under pressure to protect their hybrid environments.

As per the research conducted at Enterprise Strategy Group (ESG), opinion poll were conducted on the hybrid cloud environments and containers in relation to 450 IT and security wizards in North America and Western Europe. The results expressed worry over zero-day attacks and augmented container adoption. Doug Cahill, a senior analyst at ESG, emphasized in his thesis about the growing concern pertaining to cyber security and hybrid clouds.

According to Bogdan "Bob" Botezatu, Bitdefender’s senior e-threat analyst, a shift in hybrid infrastructures has led to major concerns and worries. More and more organizations want to go with the hybrid cloud, owing to its flexibility and reasonable rates. In other words, the move to hybrid infrastructures is an essential step toward public cloud adoption.

Cahill told that hybrid clouds are complex in nature, and in addition, more than 80% of organizations utilizing ‘IaaS’ run through services acquired for different providers. As a result, the public cloud platforms get burdened with heavy workloads. Containerized production applications have been structured by near about 56% of organizations, and 80% still report they will acquire the containers within a year or so. Furthermore, the implementation of new technology is a continuing process, and many companies are midway between shifting old applications to the cloud platform. As assessed, 73% of organizations employ, or are going to employ the containers for both new as well as former legacy applications.

It is anticipated that many businesses will carry on to moderately relying on legacy systems for years, despite their budding dependence on containers. In this situation, it is obvious that the accessing from multiple environments and multiple locations by multiple users can pose a serious threat to security. Cahill further told that despite the biggest challenge, hybrid cloud is maintaining constant security across the multiple cloud environments as well as enterprise data center. The main aim of each and every business is to maintain steadiness and security control in an efficient manner.

Another challenge being faced by security teams is the major concern and pace at which cloud is increasing. The implementation of cloud was decelerated by security teams, and even now containers are determined by the app development team. In general, the progression in cloud computing is very fast, and so, they have to maintain pace with the current changes.

Botezatu says, since, the major concern for companies are the fulfillment factor; Bitdefender took over to an opinion poll in 2016 about the major threats related to hybrid cloud. Other concerns are the unclear picture about the huge hybrid datacenter, the bigger attack surface, backup security and data security.

Organizations face a major risk for attacks on account of the multiplicity of hybrid cloud environments. In the past year, near about 42% of organizations witnessed an attack on their cloud environment. Furthermore, 28% of businesses reported the involvement of zero-day attacks. The reason behind these attacks is the flexible and unprotected nature of these environments, says Cahill. The arrangement of servers is so rapid, that hardly any attention is given to the security aspects, including vulnerability scanning and thorough assessments.

The most common risks take account of well-known flaws in unpatched applications (27%), mishandling of privileged accounts by employees (26%), and ventures utilizing well-known flaws in unpatched operating systems (21%), network security controls (20%), and unorganized cloud services.

Ofri Ziv, VP of research and Head of GuardiCore Labs says that manifold hybrid cloud environments are facing security threats, and these involve the perimeter and totally mislaid comprehensive dense systems. Ultimately, this leads to weak network segmentation in the hybrid cloud environments that are liable to get attacked by cybercriminals and malware.

 John Viega, CEO of Capsule8, says that zero-day attacks are posing a serious threat and they are genuine and random. In production, too, they pose the same threat due to the impact of open source. Consequently, zero-day attack threat in production from open-source software will have an effect on a lot of organizations.

Cahill is of the opinion that the security is difficult to maintain for the big hybrid cloud, for the reason that approximately 70% of companies at this time make use of separate control systems for public cloud-based resources, fundamental machines, and servers. Surprisingly, only 30% pay emphasis on integrated controls. Despite the fact that different tools for different hybrid cloud environments are managed by different individuals; they are not keen to afford the uniformity of security policies as a whole.

Within the next two years, a considerable transformation is going to occur, and about 70% of organizations assert that they will focus on integrated controls for all server workload types by that time.

Viega further points out that the best way that an organization can carry out is to make sure that have kept their applications in a secure manner in their premises and before moving then, they will take care that they comply with the security standards laid down. Furthermore, focusing on containerization in the software development method is the most excellent way to manage and control this security aspect.


Post a Comment