By Stephen Coty, Chief Security Evangelist, Alert Logic
Every year, Alert Logic publishes a Cloud Security Report. In it, we analyze real-world security data aggregated from the 2,200-plus customers that use Alert Logic solutions in cloud, hosted and on-premises environments. We share the analysis to help readers understand:
- The likelihood of any given attack happening in any given environment
- The persistence of attackers (in other words, how many times an attack will occur)
- The level of sophistication of security programs required in different environments to stop attacks
One of the big questions our Cloud Security Report helps answer is “is the cloud more or less secure than running your datacenter on-premises?” From our analysis, we don’t believe the cloud today is inherently less safe than enterprise data center environments. Leading cloud providers like Rackspace deliver built-in security controls and are very transparent about how security responsibility is shared between them and you, the cloud consumer. If you’re interested in learning more about shared security responsibilities in the cloud, our on-demand State of Cloud Security webinar is a good resource for that.
All that said, understanding if and how threats differ in cloud versus other environments is a good step in understanding security requirements. Based on our latest research, here are five things that we think everyone should know about cloud security in 2014:
1. The volume of attacks is increasing in both cloud and on-premises environments.
Regardless of where you decide to host your applications, expect the volume of attacks to continue to grow. In the example below, we compare vulnerability scanning attacks in 2012 (left triangle) and 2013 (right triangle). You can see that vulnerability scans, like other attacks, are definitely on the rise.
2. Cloud and on-premises attacks are becoming increasingly similar.
In previous years, our reports showed that the types of threats occurring in the cloud were very different from on-premises threats. For example, we’d see more web application attacks in cloud versus on-premises environments. In this year’s data, we see that attack types are becoming more and more similar. We expect that’s because we’re seeing more and more applications traditionally deployed on-premises now being deployed in the cloud, so traditional on-premises attack types are following these applications to the cloud.
3. There are still some noticeable differences.
Despite the growing similarities, there are still some noticeable differences. For example, our data shows that malware/botnet attacks are most prominent in on-premises environments (more than half of all customers affected), while they represent just over 10 percent of the attacks in cloud environments. While we can’t predict the future, we expect these data points will converge as more end-user applications like virtual desktop infrastructure (VDI) end up in the cloud.
4. Attackers are increasingly tenacious.
When your environment is attacked, it’s typically not attacked just one time. Automated, easily-accessible hacker tools make it easy for attackers to try again and again to launch a successful attack, as highlighted in the graphic below. From a security perspective, it’s important to monitor your IT environment 24×7 regardless of where it’s located.
5. Defense in depth is as important in the cloud as it is on-premises.
This year, we augmented our customer data with data from honeypots that we deployed in public cloud infrastructure around the globe. The honeypot data provided additional, interesting insight. One of the most interesting data points (at least to me) was that 14 percent of the malware collected through our honeypot network was considered undetectable by 51 of the world’s top antivirus vendors. When you consider the volume of attacks, missing 14 percent translates to missing a lot of volume. As a cloud consumer, it’s important to know that you cannot rely on any one defense mechanism – defense in depth is definitely a necessity.
Hopefully this helps you better understand the threat landscape in the cloud today. We certainly use this data to identify how our security solutions can help secure applications and data in cloud environments like the Rackspace Cloud, managed hosting and other environments.
Do you have thoughts on cloud security or suggestions for additional data you’d like to see in a future Cloud Security Report? If so, leave a comment in the comments box below.
This is a guest post written and contributed by Stephen Coty, Chief Security Evangelist at Alert Logic, a Rackspace Marketplace partner. Alert Logic provides security and compliance for cloud, hybrid and on-premises infrastructure, allowing customers to benefit from deep security insight and continuous protection at a lower cost than legacy security offerings.