Connect with us

Hi, what are you looking for?


Cloud Security

Security First in the Cloud Wars

“The Cloud Wars” may be dominating IT news headlines, but what does this phrase actually mean? And is it something that an enterprise needs to be concerned with? 

“The Cloud Wars” may be dominating IT news headlines, but what does this phrase actually mean? And is it something that an enterprise needs to be concerned with? 

Beyond the ongoing battle for market dominance between the three biggest cloud players – Amazon, Microsoft and Google – it is a highly competitive and disruptive sector, ripe with smaller, niche players too. Enterprises are using cloud services for everything from hosting workloads to running or accessing software-as-a-service applications, with a focus on growing their business. 

Unfortunately, security best practices tend to take a backseat when enterprises operate with the assumption that the responsibility falls solely on the cloud provider. Businesses moving quickly to keep up with the speed of the cloud may not give security the true investment it demands, considering today’s fast-moving threat and compliance landscapes. What’s worse is that by the time they realize this, it could be too late.

An Unexpected Victory for Enterprises

The good news is cloud providers do take security seriously. They prioritize the expected basics of secure passwords and multi-factor authentication, as well as user analytics that can monitor for abnormal user access – whether an unusual time, device or location. More recently, strong physical security, such as laser-beam intrusion technology, is also coming into play to keep the bad guys out. 

Cloud Security Benefits

Most providers adopt sandbox development areas for system tests, in addition to flexible and extensible software stacks with different levels of hardening built in. Earlier this year at Google Cloud Next, the company announced more than 30 new security-related features. From identify and access management offerings to fortified t

hreat protections, the underlying commitment was evident – to make the platform more secure.

Advertisement. Scroll to continue reading.

There are certain security benefits that can be gained from the size and scale of cloud providers that directly translate to enterprise customers. For example, if a cloud workload is subject to an attack, the cloud provider will work to understand what happened and ensure protective controls are established to prevent similar attacks in the future. The clear advantage here is that any protection put in place for a single customer will automatically protect any cloud customers on that platform against the same threat.

Another challenge is the relative scarcity of good cloud security specialists, as this is a new space and, therefore, the pool of skilled engineers available is even more reduced. This means that not only is getting the right people hard, but also retaining those people for ongoing maintenance of the cloud proves difficult since they are so in-demand on the jobs market. 

The growth of cloud providers has enabled them to pick, choose and hire the best security talent in the market, as well as ensure they can offer the best security solutions. Cloud providers are not only well-protected, but also able to offer sound advice that comes from the experience of managing millions of workloads across the cloud.

Preparing for the Larger War

As much as cloud providers can do for security, however, this does not mitigate the responsibility of an enterprise to ensure they carry out their due diligence before moving workloads into the cloud. Security cannot be entirely outsourced to cloud providers. If a workload is breached in the cloud, or data is stolen from a workload, the enterprise owner is liable.

The most effective approach for enterprises is network-based security. It’s crucial for enterprises to think holistically about security and leverage the entire network to fortify security postures.

While cloud providers will continue to fortify their platforms, this is only one piece of the puzzle. As organizations migrate to the cloud, add additional clouds and continue to connect IoT devices across the network, end-to-end security becomes even more important. We’re at an inflection point where enterprises are evolving beyond single premises IT deployments and embracing multicloud for their transformations. Organizations need automated, repeatable security that connects the entire network for detection and enforcement.

Securing Victory with a Network-Based Approach 

A network-based security approach allows enterprises to reap these benefits while leveraging the entire network to create a security architecture the includes automation, orchestration and interconnectivity. This helps alleviate the burden on stretched security teams that are forced to handle too much data and too many workloads to effectively defend their organization.

The Cloud Wars are having an overall positive impact on security that enterprises need to capitalize on now. Even though there are security challenges during and after the cloud migration process, the undeniable traction of cloud adoption has raised cybersecurity to top of mind as decisions are made. 


As more enterprises consider cloud adoption, it is the opportune time to ensure security is a central component of all cloud migration strategies and embedded more broadly throughout the entire network. As the war rages on, enterprises have an opportunity to enhance security and shore up defences against the real threat – cybercriminals.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cloud Security

Cloud Disaster Recovery - Ingredients for a Recipe that Saves Money and Offers a Safe, More Secure Situation with Greater Accessibility