“Cloud environments may be safer than on-premise environments,” said Rohit Gupta, VP, Business Development for Alert Logic. He was referencing a biannual study on cloud security that Alert Logic released this month. We spoke at the VMworld 2012 conference in San Francisco.
The cloud’s questionable security has become such a super hot topic that just the endless discussion of it alone has become something of a joke.
Gupta, who works for a security as a service company, noted that we have a strong discrepancy between what is truly secure and what we think is secure. We believe on-premise is secure because we feel we have a greater sense of control, given that the data is behind the company’s firewalls and on our network. In a cloud environment, users think they have less control.
“It’s a myth, because on-premise can be more compromised or more likely to be compromised than a service provider’s network,” said Gupta who points out that a service provider has to supply security to many customers and is bound by a series of compliance requirements that a company’s on-premise network may not have to adhere to.
In addition, attacks are not equal between on-premise and cloud environments. For example, brute force attacks are more common against corporate networks than service provider networks since they have tools to prevent DDoS attacks, said Gupta.
“[Service providers] must have more stringent controls and processes than corporations have on their own network,” Gupta said.
Additional security benefits of cloud operations include more talent looking at problems and the architecture of a virtual network aids in maintaining security, said Gupta.
Web applications are the target
Companies go to the cloud to deliver Web applications. Web applications haven’t been designed with a lot of security in mind and that’s where the attacks are happening, said Gupta.
What Gupta discovered is that the tools used to hack these applications are freely available open source tools originally designed to help developers test applications.