What is Public Cloud?
Public cloud refers to a multi-tenant cloud environment, where virtualisation is used to share hardware and resources between multiple businesses. Public cloud providers include AWS, Google Cloud, and Microsoft Azure. There are many reasons for the popularity of public cloud, including low initial entry costs, scalability, and the outsourcing of hardware maintenance to the provider. However, there are security risks with a public cloud model that it is important to consider when choosing the best infrastructure for your business.
In this article, we will review the security risks of public cloud and look at how a managed provider can help you mitigate these risks.
Understanding public cloud security risks
Misconfiguration
A significant security risk with public cloud is that a portion of the responsibility for cybersecurity is on the user. For many organisations using public cloud, they will not have the in-house security expertise and experience to understand the best way to configure their platform to protect against these risks. On the side of the provider, the infrastructure may be secure, but if the user does not have the correct understanding of how to manage their platform, it could be open to attack.
One high-profile example of this occurred in 2019, when a hacker set up a scanner to look for misconfigurations in AWS platforms, which left databases open to access without authentication. The attacker infiltrated 30 separate organisations, including the bank Capital One, stealing personal customer data including social security numbers and bank details. This attack took advantage of the fact that AWS users configured their platforms in-house, with their lack of platform specific expertise leading to vulnerabilities.
Data breaches and data loss
When managing your own public cloud platform, you may struggle to regularly perform patch management and backups. In a managed cloud solution, for example managed private cloud or managed enterprise cloud, these are processes that can be managed by a provider. With a public cloud solution, however, it will often be left to you to manage in-house.
Patch management is the process of applying ‘patches’ – code updates – to software, operating systems and data in your cloud environment. Security patches are one of the main updates needed. If patch management is not regularly undertaken, this can lead to security vulnerabilities in elements of your infrastructure. Attackers can take advantage of these vulnerabilities to attack these elements, potentially giving them the opportunity to access other elements of the platform, including sensitive data.
Backups are vital to avoiding data loss, whether through a cyber-attack or other form of disaster. Companies who are storing a significant amount of data through a public cloud solution may find backups costly and unmanageable, and may end up not backing up data as regularly as required. When this is the case, in the event of an attack or data breach, a significant amount of data can be lost. Recovering this lost data is often impossible, and even where some data can be recovered this will be time-consuming and expensive.
A lack of regular backups also makes your company more vulnerable to ransomware attacks, where a malicious actor intercepts and encrypts your data, demanding a ransom for it to be returned. When the data being held ransom is not backed up, this is a more critical issue than if the data is backed up and can be recovered easily.
Compliance and legal issues
There is a wide range of regulations and legislations surrounding the storage and transfer of data. General regulations such as the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) apply to any organisations processing personal data related to people within their relative jurisdictions.Additionally, there are sector-specific regulations and regulatory bodies, including the Health Insurance Portability and Accountability Act (HIPAA) for healthcare in the U.S, and the Financial Conduct Authority for the finance sector in the UK.
Repercussions of breaching any of these regulations can include financial penalties, and damage to your business reputation, depending on the severity of the breach.
Due to its multi-tenant nature with shared resources between users, public cloud can bring challenges in meeting compliance requirements, particularly for companies handling sensitive personal data.
Mitigating public cloud security risks with managed hosting
Whichever cloud solution you choose to use, managed hosting will support you to reduce security risks. Public, private, and enterprise cloud can all be offered with management services. Some public cloud providers will offer management services on their platforms, however the majority will leave the management to the user. As mentioned, in-house management of a public cloud can lead to vulnerabilities such as misconfiguration of security measures, putting your business at risk. It also requires significant staff resources to manage at an expert level.
An alternative option is to use a third-party managed service provider (MSP) such as Hyve to manage your public cloud. Hyve can provide a management layer on top of your platform, with our team of experts supporting you in configuring your environment, and on hand 24/7/365 to manage your cloud security. We specialise in managing Azure Public Cloud, and can provide management for any public cloud platform.
Expert management and monitoring
With an MSP managing your platform, you can have peace of mind knowing that a team of experts are responsible for your cloud security. Continuous monitoring ensures that any potential threats or vulnerabilities are caught early and can be prevented before an incident occurs.
Expert configuration
Having a dedicated team managing your public cloud solution helps avoid any potential issues with misconfiguration of security measures. Rather than relying on your in-house team, where you may not have the specific knowledge required, specialists with the required experience ensure that your security suite is configured and running optimally, protecting your platform.
Advanced Security Measures
When working with an MSP to manage your public cloud solution, you can implement additional measures to increase the security of your platform. This can include encryption, multi-factor authentication, and patch management for example, giving you a higher level of protection. These measures can be tailored to your specific needs. Your provider can also conduct regular security assessments and audits to check for any vulnerabilities in your platform.
Choosing the right provider
To maximise the benefits of working with an MSP to provide a management layer for your public cloud solution, you will need to ensure you choose the right provider. While many providers will offer management, the levels of support, monitoring, and expertise will vary. Some providers may not offer significantly more than you are getting directly from your public cloud provider, so it is worth having a consultation with your MSP to check what they can provide.
You should also ensure your provider holds relevant accreditations and is compliant with all relevant legislation and industry standards.
What next?
It is clear that despite the benefits and popularity of public cloud, there are significant security risks which must be considered. If you are currently using a public cloud platform, it is worthwhile assessing your current cloud security, and if there are any gaps or vulnerabilities putting your business at risk. If there are areas you are unhappy with, but you prefer to stick with a public cloud model rather than an alternative, you may consider working with an MSP to manage your infrastructure. The right MSP can provide you with the peace of mind that your infrastructure is secure, and being managed and monitored 24/7 to protect your business.
Interested in finding out how management services could improve the security of your public cloud? Fill out our contact form and one of our cloud experts will get in touch for an initial consultation.
