Light Dark
September 22, 2017 By Rick M Robinson 2 min read
Cloud Security
Risk Management

There are two popular attitudes about cloud security, and both of them are wrong.

One belief is that putting data in the cloud amounts to putting it on the public internet for anyone to access. Therefore, the only way to keep data safe is to keep it at home and out of the cloud altogether. The opposite belief is that cloud providers cover their own bases well because they have to, meaning that while data in the cloud may pose security challenges, it is no longer your problem.

Simple Errors Lead to Cloud Security Risks

The real truth is more subtle and complex — and so are your cloud security needs. The challenges are out there in plain sight, but many enterprises ignore cloud security risks.

As Infosec Island reported, one key Wall Street firm got its cloud security wake-up call in May when it learned that a bucket permission error allowed any client of the cloud service to access account details belonging to 2.2 million customers. As it turned out, the bucket’s permission structure had been set up incorrectly.

This is the kind of simple error that anyone could make, which is exactly the point. No level of precaution by the cloud provider can eliminate these risks because they are inherent to the relationship between provider and cloud user.

Be Responsible for Your Own Cloud Security

Wherever and however you store your data, you need to provide a means for your own authorized users to access and modify that data. After all, that’s what the data is for. No cloud provider can relieve you of that responsibility because only you can specify the permissions for access. You must ensure that the permissions you grant are only the ones you intend to grant.

Cloud security risks are complex because, in the interconnected world of layered services, multiple third parties may have a role in managing your data. Data owners must be ready to answer questions such as:

  • What security policies do vendors have in place?
  • Do they use contractors who may have access to the data?
  • Where is the data actually stored?
  • What other business relationships do vendors have that could provide additional parties with access to the data?

Services that can automate and manage your third-party risk management process can solve part of the problem. Of course, it’s just as important to manage these services responsibly. After all, it is still your data, and security lapses will end up at your door.

Read the white paper: Address six essential concerns of cloud security to build your business

 |  |  |  |  |  |  |  | 
Rick M Robinson

More from Cloud Security
January 22, 2025

2024 Cloud Threat Landscape Report: How does cloud security fail?

4 min read - Organizations often set up security rules to help reduce cybersecurity vulnerabilities and risks. The 2024 Cost of a Data Breach Report discovered that 40% of all data breaches involved data distributed across multiple environments, meaning that these best-laid plans often fail in the cloud environment.Not surprisingly, many organizations find keeping a robust security posture in the cloud to be exceptionally challenging, especially with the need to enforce security policies consistently across dynamic and expansive cloud infrastructures. The recently released X-Force…

January 8, 2025

Cloud threat report: Why have SaaS platforms on dark web marketplaces decreased?

3 min read - IBM’s X-Force team recently released the latest edition of the Cloud Threat Landscape Report for 2024, providing a comprehensive outlook on the rise of cloud infrastructure adoption and its associated risks.One of the key takeaways of this year’s report was focused on the gradual decrease in Software-as-a-Service (SaaS) platforms being mentioned across dark web marketplaces. While this trend potentially points to more cloud platforms increasing their defensive posture and limiting the number of exploits or compromised credentials that are surfacing,…

December 18, 2024

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature