Security Risks and Solutions in the Cloud: IBM, Red Hat and the Future of Technology

ames-1118It is a pretty sure bet that in the future, almost everything will be in the cloud. We’re not quite there yet, of course. Most businesses still host their own solutions, but an overwhelming majority use the cloud for one thing or another. According to research from IDG, nine out of 10 companies have either already moved some of their applications or computing infrastructure to the cloud, or plan on doing so in the next 12 months. The folks at McAfee peg that number at 97 percent.

Indeed, there are a lot of cost and efficiency benefits that come with working in the cloud. Without having to buy servers and maintain data centers, businesses can save a lot of money. Plus, cloud technology provides a great deal of flexibility and scalability that on-premise alternatives cannot match. And let’s not forget, with everything in the cloud, workers can access all the information and tools that they need to get the job done at any time, from virtually anywhere on the planet.

The recent market shake-up is a sign of what’s to come

If you weren’t already convinced that the future is in the cloud, then IBM’s recent acquisition maneuver should make you think again. Last month, IBM agreed to purchase open source software dealer Red Hat for $34 billion, paying a 60-plus percent premium to acquire all of Red Hat’s outstanding and issued stock.

Red Hat was founded 25 years ago and rose to popularity selling Red Hat Linux. Since then, it has grown into the second largest server software dealer in the world, eating up 15.3 percent of the market share and trailing only Microsoft. Red Hat sells open source software products to enterprise-level companies all over the world, including 90 percent of all Fortune 500 global companies.

The acquisition is the third largest tech deal ever, and the largest in IBM’s 107-year history. Once finalized, Red Hat will become its own division of IBM, transforming the company into the No. 1 player in the hybrid cloud marketplace, which is expected to grow into a $1 trillion a year market.

Navigating a new security landscape in the cloud

With all these market shifts leading us into the cloud, where are we when it comes to security? Despite its already high adoption rate and attractive benefits, businesses are still wary about the safety of their data in the cloud. And who can blame them? Have you seen the news lately? The thought of breaches and leaks, regulatory violations and fines are keeping folks up at night. And rightfully so — the cloud isn’t a magic safe space in the sky. But that does not make it some inherently insecure, Mad Max-like hellscape, either. Businesses should move as much of their tech into the cloud as possible to gain the benefits the cloud offers, but they should be smart about it first. That means learning the risks and finding out what they can do to protect themselves.

The cloud isn’t a magic safe space in the sky. But that does not make it some inherently insecure, Mad Max-like hellscape, either.

Identifying security risks in the cloud

The cloud isn’t dangerous in and of itself. But you can’t just start lifting files to the cloud and call it a day. Even so, some businesses do. According to McAfee’s “Cloud Adoption and Risk Report,” as much as one-quarter of all data stored in the cloud can be considered “sensitive.” However, nearly 6 percent of AWS S3 buckets can be read by almost anyone in the world. At the same time, enterprise-level organizations have an average of 14 misconfigured IaaS instances running at once, leading to 2,200 misconfiguration incidents a month. In other words, there is sensitive data sitting in publicly accessible storage or behind poorly configured solutions that is probably letting bad actors see information they shouldn’t.

Risk in the cloud is compounded by user behavior. The Cloud Adoption and Risk Report said that risky end-user behaviors such as data sharing in the cloud; sharing data externally; sharing data using open, publicly accessible links and sharing sensitive information via personal email addresses are up 53, 21, 23 and 12 percent year over year, respectively. While workers find these practices to be more convenient, they might not realize just how risky they can be.

In a separate report from McAfee, “Navigating a Cloudy Sky,” compromised accounts and insider threats — which have increased 27.7 percent year over year — were named as the biggest threat to cloud security. McAfee found that 80 percent of respondents said they experienced at least one compromised account each month, and 92 percent of organizations have stolen cloud credentials for sale on the dark web. With a compromised account, cybercriminals can operate within your environment virtually undetected, as if they were one of your employees. Depending on the account(s) that they commandeer (or buy), they may have unfettered access to sensitive data.

But even with all the risk, customers still prefer the cloud. McAfee found that businesses who considered themselves to have a “cloud-first strategy” were twice as likely compared to the rest of the field to trace malware incidents back to content pulled from a cloud application. Despite that, cloud-first organizations still believe that the cloud is safe. In fact, 90 percent said their trust in the cloud has increased since last year, even after a series of high-profile security breaches.

Shared responsibility makes for better security

Perhaps one of the biggest benefits that comes along with moving to the cloud — and one that doesn’t get the attention it deserves — is the shared responsibility of keeping data secure between the cloud provider and their customers. Just because you put your data in the cloud doesn’t mean you’re not responsible for protecting it. Security will still be a big concern for IT departments across the globe. What it does mean is this: service providers will secure the cloud itself, while the customer will be responsible for securing the data within. The reason this works so well is that a breach for you is a breach for the provider, and a breach for the provider is a breach for you. In this scenario, everyone has a vested interest in making sure that data is secured.

Keeping the cloud safe

A safe cloud adoption strategy includes usage tracking, data loss protection, configuration audits and collaboration controls, and is key for businesses that want to succeed in the cloud. Gartner has coined a new term for vendors that provide this suite of cloud security solutions — Cloud Access Service Brokers (CASBs). The vendors sell services that enable businesses to gain insights into all their cloud services, enforce data-centric security policies, detect threats to prevent breaches and leaks, and use controls to make sure they’re always complying with regulations.

It’s hard to protect your cloud services when you have a half-baked view of what’s going on within.


It’s hard to protect your cloud services when you have a half-baked view of what’s going on within. CASBs provide businesses with a consolidated view of the entire organization’s sanctioned cloud-usage and shadow IT deployments. They provide IT professionals with a bird’s eye view of all their configurations and enable them to see precisely who accessed what data, when it was accessed and from what device, which can come in handy in preventing and investigating leaks and breaches. In some rarer cases, CASBs provide assessments of security capabilities and operations for different cloud-service providers.

Data Security

IT professionals can just tell the staff that they’re not supposed to share sensitive information using their personal email address or cloud services. Most folks would ignore it. But with CASBs, IT professionals can enforce security policies at the user and data level, so they don’t have to worry about rebellious co-workers and unauthorized users. They can control which users can access what, and what they can do with it. In other words, IT professionals get to make the rules, and users don’t have a choice but to follow it.

Threat Protection

CASBs also provide businesses with tools so they can play defense. They protect cloud services from usage by unwanted devices, users, and versions of applications with access controls — as if a digital bouncer was deciding who gets in the club and who doesn’t. Other threat detection tools can monitor and analyze user and entity behaviors to detect anomalous behavior. Some CASB developers have their own analyst teams researching cloud-specific and cloud-native attacks.


In addition to keeping all your data in the cloud safe, CASBs also provide businesses with all the visibility, security controls, and reporting capabilities that they need to adhere to and demonstrate compliance with regulatory bodies.

The future is bright with the right protection

The cloud is the future. It’s a cost-effective, more scalable alternative to traditional data centers, and enables your staff to be productive from anywhere on the globe. Eventually — and not very long from now — virtually all the systems we use today will exist in the cloud. Even the biggest players in tech want in on the cloud, with some taking multibillion-dollar positions in the industry.

But we have to be careful as we lift our systems to the cloud. We need to identify the risks and take all the necessary measures to protect ourselves from the potential pitfalls that reside there. We need visibility into our cloud-based systems, controls to protect data loss, breaches and leaks, and tools to cut off outside threats and keep us compliant with regulators.

is president and senior analyst for BPO Media, which publishes The Imaging Channel and Workflow magazines. As a market analyst and industry consultant, Ames has worked for prominent consulting firms including KPMG and has more than 15 years experience in the imaging industry covering technology and business sectors. Ames has lived and worked in the United States, Southeast Asia and Europe and enjoys being a part of a global industry and community.