Cloud Security Perspectives and Insights

Threat Series: The Future of Cloud Security

Mark Lynd
Head of Digital Business at Netsync

In the last installment of our series, we wrap up our conversation with Greg Jensen with a discussion around the future of cloud security and how leaders can help their businesses stay informed in the security space with the help of the annual Oracle and KPMG Cloud Threat Report

How bright of a future is there for the cloud in your opinion? What about cloud security?

Yeah, you know, I don't think we have to go too far beyond looking at this year’s Super Bowl commercials, you see the fireman walking through a fire or a family with 5G mobile. You have everything focused around what the clouds are going to be providing not just tomorrow, but today. You look at what Oracle and Microsoft are doing with interconnected clouds and the scalability and capabilities that the customers are benefiting from today and will be benefiting from tomorrow with these types of relationships.

But there's still risks that have to be addressed even with all the good that's being done today and will be done tomorrow. I mean, let's face it. We're in a dangerous world. We don't have to spell out too much about the threat actors, but we do know that nation-state threats are on the rise. That's a risk and we do know that there's tremendous financial risk out there. We can see the increase in the amount of financial fraud that's out there. But, when you look at what industries they are going after the one that really surprises me is energy and utilities. This one is surprising in what they spend to thwart potential attacks. I mean as little as two percent of their revenues are used to secure against cyber-attacks. Not just general security, but all cybersecurity. So,  this includes large nuclear facilities and cyber risk only warrants two percent of the revenues? That's one of the lowest investments in cyber security of any industry and so that's one of the things that is very concerning to me and then you look at things such as in the healthcare market and the privacy of medical records, even prescription abuse. You know systems are being compromised and the wrong prescriptions are getting into the wrong people's hands or the wrong dosage and these all are real-world issues.

There are half a million embedded medical devices like insulin pumps and embedded defibrillators, and all of these can be controlled remotely over the Internet through cloud-based systems. Finally, the FDA has issued warnings saying these systems are at risk. They've been tested and confirmed to be exploitable. So that's a real risk in the hands of the wrong nation-state or bad actor or upset former employee. We've got to do a better job here because whether it's monitoring the refrigerator in my kitchen or critical medical devices, as we are only going to see these device numbers multiply and a greater ability for the cloud to control these enabled devices. We have to do a better job protecting consumers around the world, but there are numerous opportunities for our industry to assist consumers and businesses in providing a much stronger experience and more secure experience.

I know you are working on the next Oracle KPMG Cloud Threat Report, so when will it be coming out?

Yeah, so the next Cloud Threat Report will be launched at the end of April. It's going to be a series of five in-depth reports that will be coming out throughout the course of 2020. So, we will be covering a variety of detailed topics critical to the issues of cloud security for organizations today, but one of the leading areas that we're focused on in 2020 is the areas of configuration management and DevSecOps gotchas. That is going to be one that a lot of people will find very interesting. A lot of consideration comes from major breaches around the world. We took a hard look at what we can do to start changing the conversation around threats in the cloud and we definitely found great insights that will be highlighted within the report. Obviously, there's a number of factors that contribute to each breach, but they continue to happen and continue to impact people and organizations in a very public way.

As Greg points out in this series, the landscape for cloud security is constantly changing and it can be challenging to keep up with it. Especially as many digital transformation projects are outpacing the processes needed to properly secure them. Add the confusion around the shared responsibilities between customer and service providers and the risk level continues to rise. To learn more about these topics be sure to download a current copy of the Oracle and KPMG Cloud Threat Report (Don’t forget the new 2020 release will be available at the end of April). If you're interested in hearing more from Greg and our conversation, check out the other blogs in the series, Keeping up with the Challenging Landscape of Cloud Security and The Importance of Visibility for Cloud Security.

Hope you enjoyed this series and if you are interested in learning more about Oracle Security, join me at the RSA Conference at the Oracle booth 6085 in the North Hall.

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.