Tuesday, Sep 22, 2020 | Last Update : 10:41 AM IST

182nd Day Of Lockdown

Maharashtra122438091634833015 Andhra Pradesh6317495518215410 Tamil Nadu5473374919718871 Karnataka5268764233778145 Uttar Pradesh3588932895945135 Delhi2492592133045014 West Bengal2283021989834421 Odisha184122149379763 Telangana1726081419301042 Bihar169856155824870 Assam159320129130578 Kerala13863398720554 Gujarat1247671051913337 Rajasthan116881972841352 Haryana113075908841177 Madhya Pradesh108167836182007 Punjab99930754092860 Chhatisgarh8618347653680 Jharkhand7267358543626 Jammu and Kashmir65026421151024 Uttarakhand4177729000501 Goa2875322726360 Puducherry2319118065467 Tripura2227215441245 Himachal Pradesh124387836125 Chandigarh102987411123 Manipur9010683859 Arunachal Pradesh7385540813 Nagaland5544445110 Meghalaya4733252838 Sikkim2447190529 Mizoram158510120
  Technology   In Other news  07 Jun 2017  Cracks in the cloud: The next frontier for cybercrime

Cracks in the cloud: The next frontier for cybercrime

Published : Jun 7, 2017, 4:02 pm IST
Updated : Jun 7, 2017, 4:02 pm IST

According to a new survey, cloud security is a top concern for Indian chief information security officers (CISOs).

(Representational image)
 (Representational image)

The advantages of cloud computing—scalability, speed to market, lower costs and higher productivity—are well known throughout most industries. But for cyber criminals, this new, borderless infrastructure is a potential goldmine.

According to a new Symantec survey on the state of enterprise data security, cloud security is a top concern for Indian chief information security officers (CISOs). Covering 1,100 CISOs across 11 global markets, the report reveals that CISOs in India are particularly concerned about their ability to respond quickly to attacks.


A widening scope for cloud-based attacks

The survey shows the extent to which cloud security is keeping Indian CISOs awake at night. Tellingly, almost all (91per cent) believe that ensuring cloud applications meet compliance regulations is one of the most stressful aspects of their job.

The industry compliance issues that they find most worrying include tracking broad sharing of compliance-controlled data in cloud applications (23per cent), governance of corporate-owned mobile devices (21per cent),

Other concerns include tracking of activities in sanctioned cloud applications (19per cent), country and region-specific data residency and control regulations (19per cent) and employee use of unsanctioned cloud applications (18per cent)


The widespread adoption of cloud applications, coupled with risky user behaviour that corporations may not even be aware of, is further widening the scope for cloud-based attacks. Indian CISOs estimate that, on average, 34per cent of cloud-based applications used at their company are unsanctioned, or ‘shadow apps’. The vast majority (87per cent) also believe that their Chief Executive Officer has probably broken internal security protocols at some point – either intentionally or unintentionally.

A need for end-to-end solutions

As enterprises become more reliant on the cloud to improve collaboration and flexibility, it’s becoming increasingly difficult for CISOs to keep track of and secure sensitive company data, let alone maintain compliance with regulatory requirements. To bolster information security as their organisation’s data flows between on-premises systems, mobile applications and cloud services, 93per cent of Indian CISOs plan to increase spending on IT staff security training this year. On average, new IT employees will undergo 20 hours of security training during their onboarding process. 


The need for data security, compliance, and residency is also driving Indian CISOs to look for encryption and/or tokenization solutions to support their Software as a Service (SaaS) initiatives. Symantec’s survey reveals that while 98per cent of Indian CISOs believe tokenization of cloud data is the best way to meet data residency and control regulations, only 77per cent use tokenization methods. And while 98per cent use encryption to secure their cloud data, 74per cent use both encryption and tokenization. 

Despite such measures, security challenges remain. Cybercriminal groups are opportunistic in the way they operate, using flaws in legitimate operating systems, tools, and cloud services to compromise networks. To effectively counter such behaviours, CISOs require unparalleled visibility and control over sensitive content that users upload, store and share via the cloud. Rather than relying on one-off fixes and reactive patches to protect confidential information, successful CISOs are eradicating exploitable vulnerabilities by deploying proactive, end-to-end solutions.


Addressing cloud security through a holistic approach

Failure to ensure appropriate security protection when using cloud services could ultimately result in higher costs and potential loss of business, thus eliminating any of the potential benefits of cloud computing. To ensure success, organisations require a new model of integrated security which provides stronger protection, greater visibility and better control of critical assets, users, and data.

Addressing cloud security holistically creates operational efficiencies and allows Indian CISOs to take full advantage of the cloud. This approach guarantees their critical information is secure and protected, giving them the peace of mind they need to lead their companies in the data-driven era.


Tags: cloud security, security, cisos, cybercrime