House of Clouds

Cloud security stems from within the cloud itself

Current threats like ransomware demand new safeguards. Cloud security helps companies to counter these threats.
For enterprise users, the cloud needs to be as secure as possible, featuring a high level of data protection as well as sophisticated data security mechanisms – that goes without saying. However, security that stems from within the cloud itself is becoming an increasingly crucial aspect as well, and one that will continue to grow in importance. In the "Security Bilanz Deutschland" study, market analysts at techconsult have interviewed 500 enterprises from various sectors for the last three years in a row: the results show a clear trend toward cloud security. The analysts report that SMEs and public authorities are frequently employing cloud solutions in the areas of e-mail and web security, data security, application security and network security. What's more, the study has found that more than half the surveyed enterprises working in the industry, services, banking and insurance sectors are using cloud solutions for e-mail and web protection.

Castle walls and moats are no longer adequate

These results send a clear signal. Decision-makers now view the cloud in a completely unbiased way and are aware of its advantages. The key feature of these benefits is flexibility – an absolute prerequisite in this age of digitization and new working environments. One example: A few years ago, IT was something that took place exclusively on a company's own premises. Operations were carried out behind "castle walls" and "moats", and, as a rule, they were consequently completely secure. Nowadays, however, company employees are being forced to leave their comfort zones: they need to work on the move using smart phones or laptops, conduct live presentations at customer premises with real-time access to enterprise data, or display their creativity from home offices. In situations like these, protection in the form of classical firewalls and traditional network security is simply no longer adequate. Enterprises now need software that enables controlled access from outside the company while also protecting the data from unauthorized use by means of encryption or other mechanisms. These safeguards must also be capable of dealing with modern hacking techniques like DDoS attacks. This is precisely where cloud-based firewalls come in, affording effective protection outside corporate networks as well as inside, and keeping mobile data secure.

Ransomware: danger from the Internet

An additional threat comes from the rapidly spreading malware known as ransomware, a cyber attack that locks legitimate users out of affected systems. Ransomware typically encrypts the data on infected computers and demands a ransom for decrypting the files, often to be paid to an anonymous recipient using the digital currency bitcoins. This type of malware is becoming a major problem: in September, ransomware incidents were so frequent that they made up no less than 13 percent of all global malware attacks. These findings were reported in the latest "Global Threat Index" from the security vendor Check Point Software. According to this report, six percent of all attacks were carried out using Locky, the currently most widespread family of ransomware. As a result of these findings, the index now ranks ransomware among its top 3 threats for the very first time. The top spot is held by a worm called "Conficker", with the virus "Sality" in second place.
These statistics show that nowadays the threat level is anything but harmless: the average costs incurred in a case of data loss now total 558,000 euros in Germany. And 37 percent of the surveyed German companies had lost business data at least once during the preceding 12 months. These figures are taken from the latest version of the "Global Data Protection Index", compiled by the market research company Vanson Bourne on behalf of EMC.
Experts now agree that security solutions from the cloud are necessary to win the battle against ransomware. This is how they work: whenever an IP address is called up, cloud-based security services check whether it is suspicious or a known threat. If this is the case, access to the web page is blocked. Being a cloud service, the ransomware protection is constantly up-to-date and easy to use for employees on the move.
Apart from the technical considerations, cloud-based security is advantageous from an economic point of view as well. Solutions of this kind can be provided as a convenient managed service. In such a scenario, service providers take care of updates, manage the services from a central location and are able to quickly isolate any computers that may become infected. Conversely, this means that devices and servers can be more rapidly provisioned and equipped with protective systems. As a result, enterprises can focus on their core areas of competence while security is taken care of in the cloud, by a reputable and suitably qualified cloud provider.

Security requires a strategy

It goes without saying that security can never be viewed in isolation – it needs to be part of an overall cloud strategy. However, the consultants at IDC report that much still needs to be done in this regard. The cloud clearly plays a dominating role in everyday IT activities at companies in Germany: according to IDC's latest "CloudView Survey", 63 percent of the enterprises involved entrust their business processes to cloud solutions (using public or private clouds). This represents an increase of 70 percent over the previous year. However, companies frequently fail to seize opportunities for improving business results through cloud applications due to the lack of a long-term strategic approach. Experts see this as a real danger, particularly in view of the boom expected from the Internet of Things and Industry 4.0. Consequently, cloud computing in general and cloud security in particular need to be accompanied by a solid strategy to achieve their full potential.
Why data protection aspects may still make it unsafe to use foreign providers even when their servers are located in Germany. Why companies may face fines when they use cloud services that are not provided from Germany. Read about these issues in an informative interview with Dr. Hans Markus Wulf, an expert in legal aspects of IT from the prestigious law firm SKW Schwarz, boasting a team of over 25 specialist lawyers.

Further articles