Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Security, Compliance Remain Biggest Concerns Over Cloud

A new survey into cloud concerns undertaken by database security firm HexaTier provides no surprises: security risks (44%) followed by compliance and regulation (29%) are the two biggest factors preventing greater cloud adoption (although we are specifically talking about database as a service rather than cloud in general).

A new survey into cloud concerns undertaken by database security firm HexaTier provides no surprises: security risks (44%) followed by compliance and regulation (29%) are the two biggest factors preventing greater cloud adoption (although we are specifically talking about database as a service rather than cloud in general).

Cloud Security Concerns

Tel Aviv, Israel-based HexaTier is a bit like a focused Cloud Access Security Broker (CASB). Rather than provide an overall security approach to the cloud in general, it focuses on protecting the three primary cloud database services: AWS, Azure and Google. It does this by using reverse proxy to examine everything that goes into the databases or comes out from them. This, like CASB in general, provides visibility and control into an otherwise obscured cloud environment.

What is surprising, however, is the rather common mistake of confusing security and compliance. The report suggests that the cloud can be more secure than on-premise security. “After all,” it notes, “can a typical organization compete with the overall security that giants like Amazon, Microsoft and Google are capable of implementing?” This is an argument that for many leading businesses has already been won.

The issue today is less about security and more about compliance. Compliance requires that you achieve security by being able to demonstrate what you do to ensure security. You cannot guarantee security against breaches; but if you can show that you have taken all reasonable steps to protect your data, you are less likely to be held culpable by the regulators when the unthinkable happens.

DB Security Survey

This, visibility into the cloud to see and control what is happening, is the big problem with cloud. This is what Hexatier’s technology seeks to provide – but again it is for the big database providers rather than the cloud in general. Companies will still need mainstream on-premise security to prevent legitimate downloads subsequently leaking out into the unprotected cloud via its own users’ Shadow IT.

“Regulatory compliance in the DBaaS environment is more complex than in traditional, on-premises databases, and currently available solutions are less mature,” notes the report.

Nevertheless, it remains hopeful. “It is very likely that, in the future, regulatory compliance of DBaaS will be as easy – or even easier – than for on-premises databases, because the tools and techniques for cloud-based compliance are continuously developing and improving.”

Advertisement. Scroll to continue reading.

This is quite likely true – but unfortunately compliance requirements are growing and evolving just as fast. The big one on the horizon right now is what effect will Europe’s new General Data Protection Regulation have on worldwide cloud adoption and use? That simply remains to be seen.

HexaTier’s report was compiled based on data from 574 respondents.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cloud Security

Cloud Disaster Recovery - Ingredients for a Recipe that Saves Money and Offers a Safe, More Secure Situation with Greater Accessibility