Cloud computing will continue to be discussed and deployed in the 12 to 18 months. Even though cybersecurity on the cloud is considered fairly mature, there are a number of factors considered problems in cloud security:
- The rise of cryptomining -- using a virus or malware to control a computer to mine for cryptocurrencies
- Processor vulnerabilities
- Failure to take precautions when using using the cloud
A recent survey revealed that 73 percent of organizations allowed root user accounts to be used to perform activities, contrary to security best practices, and 16 percent potentially had compromised user accounts.
In the past, hackers were interested mainly in stealing data -- but now they also hijack compute resources. In research released last fall, 8% were affected by resource jacking.
Companies using cloud systems must take their side of security responsibility. There is often a false sense of security by organizations using cloud resources; thinking it is not our problem.
Further, the level of security knowledge among cloud architecture and DevOp disciplines is "fairly limited," while strong knowledge of the cloud, automation and DevOps processes is "lacking among network security disciplines," Meyer noted. More education is needed on both sides.
Companies should adopt a more automated and integrated approach toward infusing strong security into DevOps processes and workflows "to keep the security folks in control without forcing the DevOps folks to break their models," Check Point's Meyer said.
"There's always something else to do," observed Akamai's Greene. "If you get all the best common security practices done, you cannot stop. Ask your cloud provider what's next for their security architecture. If they're still doing the basics, consider other options."