Cloud computing is a major growth industry as businesses and individuals look to use the computing strategy to either save money or get resources that they would typically not be able to commit to. With cloud computing becoming more and more integrated into business each year, it stands to reason that the once Wild West of cloud computing would start to see a lot more regulation. This week, we’ll take a look at how the cloud is regulated and what to expect out of cloud regulation down the road.
The Wild West
The cloud has been growing for years. Currently it is a $450+ billion market that is growing at over 13 percent annually. That’s a massive increase. All this tells you is that it is quickly becoming the priority computing model for businesses and individuals of all types and sizes. This rapid growth has started to gain the attention of lawmakers who are looking to rein in the growing power technology companies are accruing.
Recent events have made this relationship even more tenuous. The cloud, for all of its benefits, has had a checkered security history; and due to the reliance that organizations have on cloud computing, it has perked the ears of regulators that expect that these computing structures be extremely secure; a problem that has long been identified by IT security experts.
The current regulatory landscape doesn’t currently have many mandates on it. Cloud providers like Amazon, Google, Microsoft, and Oracle have basically operated with very little governmental oversight. The same can’t be said for the users of cloud computing, who by-and-large all have some semblance of regulatory concerns. This creates a gap between what the cloud providers do in terms of cybersecurity, and what is the onus of the end user. Of course, regulators want to see the organizations raking in the huge profits from the use of these services do more, and that’s where this battle begins.
The main point of contention seems to be that, since so many organizations rely on these cloud platforms for their central computing needs, that if full-scale regulation were to happen quickly, it could create problems for providers and thus have major effects on the economy. It stands to reason that regulation happens at some point, but many people in the industry are stumping for a more “light touch” approach, as the laissez-faire approach doesn’t really work for the national security of systems that are crucial to the sustainability of the world economy.
With security seemingly the hot-button issue, it’s important to understand where most of the cloud’s security comes into play. The provider is responsible for the security of the underlying infrastructure, while the customer is responsible for the security of their own digital resources. This can get a little hairy in terms of overarching regulation, as there are several issues that need to be addressed in order for both parties to keep their computing secure. They include:
- Larger attack surfaces – With more publically available surface area to your organization’s data (from use of shared physical resources), there is simply more that can go wrong.
- User error – With phishing attacks being the predominant way hackers gain unauthorized access to computing resources, the end user becomes the choke point for your organizational cybersecurity.
- Poor configuration – The less care that is taken when setting up public cloud resources, the more apt they are to be insecure.
Regardless of how your organization will be impacted by the incoming regulation of cloud services: Rest assured it is coming. Let’s look at a couple of actions you can take to improve your cloud security:
- Deploy Multi-Factor Authentication – One of the best ways to secure your cloud endpoints is to enact a multi-factor authentication system. This system adds an extra step of security for any cloud-based resource, significantly reducing risk.
- Manage access better – Not all of your employees need access to every cloud resource, especially if you plan on hosting a cloud platform yourself. Doing your best to restrict cloud access to users that need it, can reduce exposure to potential security issues.
- Train employees – Having a comprehensive security training program in place has been shown to cut your exposure to end-user risks by as much as 70 percent.
- Sufficiently monitor end-users – One of the best ways to determine if you have intruders in your network is to use technology to consistently monitor it to see who is accessing resources and when. Sometimes unauthorized access will come at unusual times of the day.
The cloud is going through a lot of changes, and time will tell whether or not widespread regulation will be in the cards in the upcoming years. The only thing you can do is strategically enhance your security posture so as to not be caught off guard. If you would like to talk to one of our security professionals, give NSN Management a call today at (918) 770-7400.