Adoption of cloud-based services is continuing its upward trend, on target to meet projections made by researchers that at least 50 percent of major companies would adopt some form of hybrid cloud model. Last year, for instance, the research firm Gartner predicted that mainstream adoption of hybrid cloud would hit within 5 years.
IBM also noted that more than 25 percent of all software applications — about 48 million — would be available on the cloud in 2016, with the average company already using 1,154 cloud services, according to a ComputerWeekly article.
Yet, along with that expanding adoption, there appears to be rising concerns about cloud security, according to a report from SkyHigh Networks. The cloud security company noted that 49 percent of IT professionals responding to a survey said they had approved an app that did not meet their company’s security standards — mainly because they gave into pressure.
The Cloud Security Alliance (CSA) recently urged corporations to take a more aggressive approach about security when adopting cloud computing solutions. During a recent RSA Conference, the CSA released a report highlighting the top threats facing companies using cloud computing in 2016.
Data breaches. The CSA pointed out that while cloud environments and traditional corporate networks face similar threats, providers of cloud services may be more susceptible to cybercrime threats because of the amount of data stored on cloud servers.
Compromised credentials and broken authentication. Weak passcodes, poor authentication practices and other identity management can lead to data breaches and other attacks. CSA recommends more sophisticated multi-factor authentication systems, including smartcards, one-time passwords and phone-based authentication to deter cyberattacks.
Hacked interfaces and APIs. Pointing out that the security of cloud services is closely related to the security of the API, the CSA also discussed addressing risks that can increase with third parties that rely on APIs and build upon their interfaces. For instance, companies can be at risk for security breaches as a result of weak interfaces and APIs.
The report also highlighted other issues, such as account hijacking, threats from insiders, including employees, and DoS attacks.