Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

Cloud computing is a bonanza – but security lags

By Robert R. Ackerman Jr.
cloud-computing-freepik
July 1, 2021

The explosion of high-profile ransomware attacks has been dominating the news in the IT sector of late, but most of the time – and for years, not weeks or months – the subject of cloud computing has been front and center. Everywhere you turn in the IT world, people are buzzing about the cloud this and the cloud that.

And no wonder. According to Gartner, by next year up to 60 percent of organizations will rely on a cloud-managed service offering – double the number as recently as 2018. And the growth is showing zero signs of slowing. According to ResarchandMarkets.com, the global cloud computing market is predicted to grow from $371 billion last year to $832 billion by 2025. That’s a sizzling compound annual growth rate of 17.5 percent.

This isn’t really surprising. Time and again, we hear that cloud computing offers enterprises more reliability, scalability and flexibility, removing the hassle of maintaining and updating systems and thus giving companies more time to focus on core business strategies.

It’s also commonly said that security in the cloud is better. On this point, however, a rethink is in order because this premise is at best questionable. Consider, for instance, a survey by Clutch, a Washington-based enterprise computing research firm, which found that nearly two-thirds of IT pros say that the cloud is more secure than legacy systems.

This makes the other third skeptics, and there are hints that even cloud security boosters are cautious about how bullish they really are. Specifically, 28 percent of survey respondents feel cloud computing is “somewhat more secure” as opposed to “much more secure.”

More telling, perhaps, is that the majority of the 300 Clutch survey respondents don’t entirely trust their chosen vendor. Three quarters of them said they add in their own security on top of the vendor’s solution.

Fact is, security in the cloud needs improvement. The problem is that cloud service providers treat cloud security as a shared responsibility with their customers. And while cloud purveyors typically hold up their end of the bargain, many customers do not. Human error among cloud customers is rampant. Gartner has said that at least 95 percent of cloud security failures will be the fault of customers starting next year.

“Migrating IT infrastructure to the cloud means enterprises must evolve their approach to cybersecurity,” says Tim Eades, CEO of vArmour, a Silicon Valley-based cloud security company. “They must adopt a zero trust mindset.  This assumes the likelihood of multiple points of failure and helps confront it.”

Cloud customers clearly need help, and the onus is on cloud purveyors to provide it. Says a Gartner report: “CIOs (and other IT pros) must change their line of questioning from “Is the cloud secure?” to “Am I using the cloud securely?’

Misconfigured cloud settings have caused multiple incidents of data exposures at Amazon Web Services, the biggest cloud purveyor.  In addition, a misconfiguration error in Microsoft’s Azure cloud relatively last year exposed 250 million technical support accounts.

What can be done to fix such problems?

One answer is the adoption of more cryptography. Some public cloud purveyors offer some encryption as an option, sometimes by default, and hopefully others will decide to do the same thing. Also likely to be helpful is new, cutting-edge encryption technology.

I’ll discuss the latter momentarily. First, however, let’s address the miscommunications issue. While Amazon, Microsoft and other cloud companies handle security for their data centers, it is customers who must actually implement the required defenses. There is insufficient sharing of responsibility. If cloud customers don’t protect their own networks and applications – too often the case -- cloud security is undermined.

Exacerbating the problem is the fact that enterprises are increasingly adopting multi-cloud environments and too often lack awareness of all the cloud services at their disposal, according to a study by McAfee. In short, they’re setting themselves up for accidents waiting to happen.

This is a management issue, and should be fixable. The adoption of more cryptography, meanwhile, is a technology issue, and one that can’t be addressed as quickly. Inroads, however, are being made.

One young company, born out of research done at MIT, is developing end-to-end encryption that could redefine cloud-based cybersecurity in a way that doesn’t interfere with workflows while still enabling popular cloud-based machine learning applications. Another startup has developed a secure web gateway in the cloud as a software-as-a-service. Cybersecurity protection is decentralized, enabling data to flow back and forth from a public cloud rather than redirecting it to clients’ own physical data centers, where problems can crop up.

Yet another form of encryption making progress is homomorphic encryption (HE), which makes it possible to analyze or manipulate encrypted data without revealing the data to anyone, offering huge potential in areas with sensitive personal data, such as financial services or healthcare. The adoption of this technology is attracting more attention and generating progress at huge technology companies. 

For now, here are some security tips for companies moving to public and even multi-cloud environments:

  • Make sure none of the components of security fall through the cracks. Overseeing the performance of the respective responsibilities of both cloud purveyors and their customers is essential.
  • Ensure that only authorized users can access data. This is critical to prevent tampering by anyone inside or outside the organization.
  • Insist that your cloud service provider conducts thorough background checks on employees. This is especially important if they have physical access to data center servers.
  • Lastly, bear in mind that you’re tied tightly to any particular cloud provider, for better or worse. Switching is difficult. Do everything possible to choose the right one in the first place.

It’s important to recognize that many, if not most, of the security issues in cloud computing are a byproduct of the unchecked growth of the cloud. Providers, not customers, are liable for any breaches. If necessary, they should slow their growth for a while to prioritize the repair of festering problems. If security gets further out of control, there is no question that cloud growth will slow anyway.

This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security Magazine. Subscribe here.

KEYWORDS: cloud security cyber security ransomware risk management

Share This Story

Bob ackerman

Robert R. Ackerman Jr. is founder and managing director of AllegisCyber Capital and co-founder of cyber startup foundry DataTribe. He was the first investor to create a venture fund focused exclusively on cybersecurity and data science and has been investing in cybersecurity for more than 15 years in the U.S. and select international markets. 

Blog Topics

Security Blog

On the Track of OSAC

Blog Roll

Security Industry Association

Security Magazine's Daily News

SIA FREE Email News

SDM Blog

Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Person working on laptop

Governance in the Age of Citizen Developers and AI

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing