IaaS has become the fastest-growing field in the Cloud business, because of the speed, reliability, and cost with which organizations are able to create and deploy applications. But, most enterprises overlook the shared responsibility of the security of the cloud.
Many enterprises miss cybersecurity incidents around Infrastructure-as-a-Service (IaaS) due to low awareness of the common entry points to breaches that target the cloud infrastructure. According to a McAfee report that surveyed 1,000 enterprises worldwide, 99% of companies missed IaaS misconfigurations in their reasons for a breach.
Also read: Realities of Blockchain for Next Five Years
Experts believe that in a rush towards IaaS adoption, organizations overlook the security model that requires shared responsibility of the provider and the user. Companies assume that security will be completely handled by the cloud provider.
Another cause of security incidents is the misconfigurations of cloud resources. The McAfee Cloud Adoption and Risk Report suggest that at any given time, on average, organizations have at least 14 misconfigured IaaS instances running. This totals an average of over 2,250 misconfiguration incidents each month. For example, 5.5% of AWS S3 buckets in use are generally misconfigured to be publicly readable. This could result in significant data loss.
Surely the cloud providers offer tools for securing the resources, but an organization’s IT teams are responsible to correctly use these tools. Some common errors include improperly configured inbound or outbound ports; data encryption turned off, multi-factor authentication not activated and storage access open to the internet. Since Cloud-native breaches are different from a typical malware attack, they are difficult to identify.
Around 90% of the organizations have experienced some of the other security issues in IaaS, and merely 26% are equipped to audit for the misconfigurations, which likely accounts for the lack of visibility.
But what makes IaaS appealing to companies of all sizes? The low upfront cost. IDC has predicted that by 2021, spending on cloud infrastructure services will increase by 15% compared to the expenditure for IT infrastructure on-premises. Gartner has also predicted that in the public cloud services market, IaaS will be the fastest-growing segment. The growth has been forecasted to 27.6% by the end of 2019 to reach $39.5 billion. Gartner has also projected that by 2025, over 80% of enterprises will have shuttered the physical data centers and moved to cloud infrastructure services.
Though IT teams are responsible for security, cloud providers are responsible for the controls they provide to protect servers and data. To evaluate IaaS providers, IT managers must check the physical access permissions, compliance audits – where they can request proof of compliance certifications and audits with relevant regulations, monitoring and logging tools, and hardware specifications and maintenance.
The key challenge for security practitioners is increasing the speed of cloud adoption, which has resulted in fewer tools to prevent attacks. IT teams and the providers must ensure that security becomes a priority as millions of customer records and intellectual property is on the cloud.