IoT Deployments Fuel ‘Chaotic’ Cloud Security
Cloud security remains "complex and chaotic" and the Internet of Things threatens to increase cloud security risks, warns a survey of IT security managers conducted during last month's RSA security conference.
The survey of nearly 1,000 RSA attendees by security vendor AlienVault found that one third considered their cloud security monitoring to be "complex and chaotic." More worrying, 62 percent expressed concerns that the security situation will worsen with the as more IoT devices and services are support by enterprise clouds.
Meanwhile, while 45 percent believe the advantages of the IoT outweigh the security risks, an equal number revealed that their company does not monitor IoT network traffic. An additional 20 percent said they were unsure whether or not IoT traffic was tracked.
"The driving force behind cloud and IoT is the availability and analysis of information, but they must be managed and monitored in the right way," asserted Javvad Malik, AlienVault's security advocate. "Many companies are using these impacting technologies to reap the technological and business benefits they provide, but they are doing so without proper monitoring—leaving their company at greater risk of attack."
Malware infecting corporate networks was listed as the top security concern, but other responses illustrated the fragmented approach being taken to cloud security. For example, 39 percent of respondents said they their organization uses more than 10 different cloud services, and an additional 21 percent said they do not know how many cloud applications are being used in their companies.
Making matters worse, 40 percent of security managers said they are not consulted before a new enterprise cloud platform is deployed. This lack of visibility is fueling cloud security risks, according to the survey results released on Wednesday (March 29).
Uncertainty about cloud security also is driving confusion among corporate security managers who are unable to keep up with cloud deployments and new applications such as IoT. AlienVault, San Mateo, Calif., argues that its survey results underscore the need for companies to address factors they can control, including threat detection and incident response both on premises and in the cloud.
Along with lack of visibility into cloud security and malware threats arising from "shadow IT," others security concerns cited by RSA attendees included unauthorized file sharing and stolen credentials.
Growing security worries are likely to fuel the enterprise shift to hybrid cloud infrastructure. Acknowledging the cost and flexibility advantages driving cloud adoption, the survey concluded that security managers "need to be able to determine whether it makes more sense to deploy a particular service to the cloud or keep it on-premises."
Meanwhile, most respondents said the advantages of IoT deployments outweigh the security risks. High-profile hacks of IoT devices with minimal security features appear to have raised awareness about the need for closer monitoring of IoT traffic on corporate networks.
With IoT deployments emerging, the security specialist recommends that enterprises create separate network segments for IoT devices and traffic. Other security tips include eliminating default passwords common in early IoT devices while rolling out regular firmware updates.