CS1901

editor's focus
cyber/information security (also 43%)
and cloud services/solutions (39%)
are the most common technology
areas for increased technology
investment in 2019. Cloud dropped
from first place last year to second
overall for 2019.
According to Howard, the fact that
cybersecurity remains an area of
projected increased spending reflects
government's recognition of its role
as the steward of public data, with
secure transactions now table stakes for
governments in a digital world.
"In today's digital world, cyberattacks are
highly visible, increasingly malicious and
costly, and they erode the public's trust," he
states. "Government CIOs have steadily
increased their prioritisation of cybersecurity
over the years and have gained executive
commitment to vigilance in ensuring that
ever-evolving malicious attacks and threats
are mitigated to the greatest extent possible."
According to McAfee: "Cloud computing
presents many unique security issues and
challenges. In the cloud, data is stored with
a third-party provider and accessed over the
internet. This means visibility and control over
that data is limited. It also raises the question
of how it can be properly secured. It is
imperative everyone understands their
respective role and the security issues
inherent in cloud computing.
SHARED RESPONSIBILITY
Cloud service providers treat cloud security
risks as a shared responsibility, it points out.
"In this model, the cloud service provider
covers security of the cloud itself and the
customer covers security of what they put in
it. In every cloud service - from software-as-aservice
(SaaS) like Microsoft Office 365 to
infrastructure-as-a-service (IaaS) like Amazon
Web Services (AWS) - the cloud computing
customer is always responsible for protecting
their data from security threats and
controlling access to it."
Most cloud computing security risks are
related to data security. Whether a lack of
visibility to data, inability to control data, or
theft of data in the cloud, most issues come
back to the data customers put in the cloud.
Taking software-as-a-service (SaaS) as just one
instance, McAfee offers 10 cloud security
issues:
Lack of visibility into what data is within
cloud applications
Theft of data from a cloud application by
malicious actor
Incomplete control over who can access
sensitive data
Inability to monitor data in transit to and
from cloud applications
Cloud applications being provisioned
outside of IT visibility (eg, shadow IT)
Lack of staff with the skills to manage
security for cloud applications
Inability to prevent malicious insider theft
or misuse of data
Advanced threats and attacks against the
cloud application provider
Inability to assess the security of the cloud
application provider's operations
Inability to maintain regulatory
compliance.
GARTNER DATA & ANALYTICS SUMMIT
As McAfee goes on to conclude:
"Developments such as the rise of
XcodeGhost and GoldenEye
ransomware emphasise that
attackers recognise the value of
software and cloud providers as a
vector to attack larger assets.
“As a result, attackers have been
increasing their focus on this
potential vulnerability. To protect
your organisation and its data,
make sure you scrutinise your cloud
provider's security programs,” it advises. “Set
the expectation to have predictable thirdparty
auditing with shared reports and insist
on breach reporting terms to complement
technology solutions."
Rick Howard, Gartner: Government CIOs
now need to take digital beyond a vision
to execution through digital leadership.
Gartner analysts will provide additional analysis on data and analytics trends at the
Gartner Data & Analytics Summit 2019, taking place 18-19 February in Sydney, 4-6
March in London, 18-21 March in Orlando, 29-30 May in Sao Paulo, 10-11 June in
Mumbai, 11-12 September in Mexico City and 19-20 November in Frankfurt.
www.computingsecurity.co.uk @CSMagAndAwards Jan/Feb 2019 computing security
07