All this comes with a caveat, however. Organizations shouldn’t think they can simply migrate workloads, storage, applications, and other operations into the hands of a CSP and forget about security because “they’ll take care of it.”
Mark Zurich, managing director at Synopsys, notes that organizations need to perform due diligence on a long list of potential cloud migration security risks, some of them similar to those that plague every organization in any configuration, but some unique to the cloud.
They include data breaches and data loss, insecure APIs, malicious insiders, advanced persistent threats (APTs), denial of service, shared technology vulnerabilities, shared tenancy, multiple users on the same stack, and lack of encryption.
Besides all that, as Cohen put it nearly a year ago, “the cloud interfaces with just about every application and corresponding infrastructure stack in existence.”
That, as any security expert will tell you, makes the cloud an attractive attack surface—there are so many potential entry points.
In a second post, we will focus on how organizations can integrate cloud security into their software security initiatives (SSIs).
You can run to the cloud, but you can’t hide from software vulnerabilities.