CS1901
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
editor's focus<br />
cyber/information security (also 43%)<br />
and cloud services/solutions (39%)<br />
are the most common technology<br />
areas for increased technology<br />
investment in 2019. Cloud dropped<br />
from first place last year to second<br />
overall for 2019.<br />
According to Howard, the fact that<br />
cybersecurity remains an area of<br />
projected increased spending reflects<br />
government's recognition of its role<br />
as the steward of public data, with<br />
secure transactions now table stakes for<br />
governments in a digital world.<br />
"In today's digital world, cyberattacks are<br />
highly visible, increasingly malicious and<br />
costly, and they erode the public's trust," he<br />
states. "Government CIOs have steadily<br />
increased their prioritisation of cybersecurity<br />
over the years and have gained executive<br />
commitment to vigilance in ensuring that<br />
ever-evolving malicious attacks and threats<br />
are mitigated to the greatest extent possible."<br />
According to McAfee: "Cloud computing<br />
presents many unique security issues and<br />
challenges. In the cloud, data is stored with<br />
a third-party provider and accessed over the<br />
internet. This means visibility and control over<br />
that data is limited. It also raises the question<br />
of how it can be properly secured. It is<br />
imperative everyone understands their<br />
respective role and the security issues<br />
inherent in cloud computing.<br />
SHARED RESPONSIBILITY<br />
Cloud service providers treat cloud security<br />
risks as a shared responsibility, it points out.<br />
"In this model, the cloud service provider<br />
covers security of the cloud itself and the<br />
customer covers security of what they put in<br />
it. In every cloud service - from software-as-aservice<br />
(SaaS) like Microsoft Office 365 to<br />
infrastructure-as-a-service (IaaS) like Amazon<br />
Web Services (AWS) - the cloud computing<br />
customer is always responsible for protecting<br />
their data from security threats and<br />
controlling access to it."<br />
Most cloud computing security risks are<br />
related to data security. Whether a lack of<br />
visibility to data, inability to control data, or<br />
theft of data in the cloud, most issues come<br />
back to the data customers put in the cloud.<br />
Taking software-as-a-service (SaaS) as just one<br />
instance, McAfee offers 10 cloud security<br />
issues:<br />
Lack of visibility into what data is within<br />
cloud applications<br />
Theft of data from a cloud application by<br />
malicious actor<br />
Incomplete control over who can access<br />
sensitive data<br />
Inability to monitor data in transit to and<br />
from cloud applications<br />
Cloud applications being provisioned<br />
outside of IT visibility (eg, shadow IT)<br />
Lack of staff with the skills to manage<br />
security for cloud applications<br />
Inability to prevent malicious insider theft<br />
or misuse of data<br />
Advanced threats and attacks against the<br />
cloud application provider<br />
Inability to assess the security of the cloud<br />
application provider's operations<br />
Inability to maintain regulatory<br />
compliance.<br />
GARTNER DATA & ANALYTICS SUMMIT<br />
As McAfee goes on to conclude:<br />
"Developments such as the rise of<br />
XcodeGhost and GoldenEye<br />
ransomware emphasise that<br />
attackers recognise the value of<br />
software and cloud providers as a<br />
vector to attack larger assets.<br />
“As a result, attackers have been<br />
increasing their focus on this<br />
potential vulnerability. To protect<br />
your organisation and its data,<br />
make sure you scrutinise your cloud<br />
provider's security programs,” it advises. “Set<br />
the expectation to have predictable thirdparty<br />
auditing with shared reports and insist<br />
on breach reporting terms to complement<br />
technology solutions."<br />
Rick Howard, Gartner: Government CIOs<br />
now need to take digital beyond a vision<br />
to execution through digital leadership.<br />
Gartner analysts will provide additional analysis on data and analytics trends at the<br />
Gartner Data & Analytics Summit 2019, taking place 18-19 February in Sydney, 4-6<br />
March in London, 18-21 March in Orlando, 29-30 May in Sao Paulo, 10-11 June in<br />
Mumbai, 11-12 September in Mexico City and 19-20 November in Frankfurt.<br />
www.computingsecurity.co.uk @CSMagAndAwards Jan/Feb 2019 computing security<br />
07