Are We Saying Public Cloud is More Secure? We Just Might Be

Would you believe us if we said data from our new Cloud Security Report shows that hybrid cloud implementations have a 141 percent higher rate of security incidents than a pure public cloud environment? Because that’s what we found.  It may seem surprising, but it is consistent with our findings that risk is cumulative and that combining networks just expands the attack surface. This is just one of the interesting discoveries we found in the latest Alert Logic Cloud Security Report.

Companies of all sizes and across all industries have migrated to the cloud. There are a variety of benefits that come with moving servers, data, and/or applications to the cloud, but the cloud also comes with some inherent risks. Alert Logic analyzed millions of our customers' security events and incidents gathered from around the world over 18 months to gain a better understanding of the general state of cloud security, and the specific challenges and threats that companies need to be prepared to defend against.

One underlying fact we can distill from the Cloud Security Report is that it's the very things that make the cloud valuable, that also make it vulnerable. Servers, data and applications in the cloud are available from almost anywhere, which also means they can be attacked from almost anywhere. Applications in the cloud exist to be executed, and data in the cloud exists to be accessed, but being in the cloud also exposes them to malicious execution or potential data breaches. Alert Logic developed the Cloud Security Report (CSR) to analyze and understand the vulnerabilities so organizations can minimize exposure to risk while taking advantage of the things that make the cloud valuable.

Alert Logic co-founder and Senior Vice President of Products and Marketing, Misha Govshteyn, kicks off the Cloud Security Report with, “Why is the sky blue? What is the meaning of life? Why did the chicken cross the road? Is the public cloud really less secure than on-premises data centers? No one has answers to many of these eternal questions, but we can shed some light on that last one – we have no indication that public cloud is less secure. In fact, there is an increasing body of evidence to the contrary.”

The CSR is the result of comprehensive analysis of more than 30 million security events gathered from nearly 4,000 customers around the world between August of 2015 and January of 2017. The goal of the CSR is to shed light on techniques and trends in terms of how attackers are working to compromise cloud resources. It is also to help companies identify where they may be weak or exposed to these threats so they can take proactive steps to be more secure.

Organizations that are already leveraging the cloud or considering migrating to the cloud need to address the question of which resources should be maintained on-premises as opposed to the cloud, or perhaps a hybrid solution that combines the two. For the things that are moved to the cloud, companies need to determine whether a public or private cloud is a better choice. In order to make any of these decisions effectively, though, business leaders need to have relevant information about the advantages and risks of each.

When it comes to securing cloud resources, you need to know where the weak spots are and how attackers are targeting cloud assets. CMS and eCommerce platforms, cloud-based databases, web applications and other cloud assets are all at risk. However, you have limited security resources to work with—whether its budget, manpower, or time—and you need to understand where attackers are focusing their efforts so you can allocate those resources effectively to provide the best possible protection.

Ultimately, the Cloud Security Report supports the recommendation that organizations accelerate migration to public cloud. Moving to the public cloud offers a unique opportunity to reduce your attack surface and re-architect for better security. The benefits of public cloud are real, and the CSR provides substantiated, data-driven analysis to help you focus your defenses.

It’s a mistake to assume that public cloud is somehow impervious. Lower risk is very different than no risk at all. Our analysis does not conclusively prove that a public cloud is more secure. All we can say for a fact is that within our customer base over the 18-month period we analyzed we saw a significantly lower rate of security incidents in a public cloud environments despite running similar workloads in other hosting environments.

Read the full Cloud Security Report to get more details on the findings from Alert Logic’s comprehensive analysis of security events and incidents.

Alert Logic Cloud Security Report 2017 - Download Here

About the Author

Tony Bradley - Senior Manager of Content Marketing for Alert Logic

Tony Bradley

Tony Bradley is Senior Manager of Content Marketing for Alert Logic. Tony worked in the trenches as a network administrator and security consultant before shifting to the marketing and writing side of things. He is an 11-time Microsoft MVP in security and cloud and has been a CISSP-ISSAP since 2002. Tony has authored or co-authored a dozen books on IT and IT security topics, and is a prolific contributor to online media sites such as Forbes and DevOps.com. He has established a reputation for effective content marketing, and building and engaging a community and social media audience.

Connect | Email Me | More Posts by Tony Bradley