Research & Analysis

Report: The State of Cloud Security

• By Margo Pierce
• 10/03/12

Are security risks in the cloud any greater than those in an on-premises environment?

After analyzing 12 months of operational data, cloud security company Alert Logic in its fall report concluded: "Including more than 2 billion events and [more than] 60,000 security incidents," the cloud security company report concluded that neither environment is less secure.

"The results of this study underscore Alert Logic's earlier conclusion that the cloud is as safe as on-premise environments," the report indicated. "Additional analysis shows that the type of infrastructure (service provider versus on-premise) is a better determinant of the type and frequency of attacks than the target's industry segment.

"Web application and brute force attacks were the two most common incident types experienced in both on-premise and service provider environments."

Various forms of threats to security are defined and rated according to their frequency of occurrence. For example, malware is more likely to be a threat to an on-premises system (36 percent) than within cloud service provider system (4 percent). Here are a few other statistics from the report:

Web application attacks:

• On-premise: 61.4 percent
• Service providers: 27.8. percent

Brute force attacks:

• On-premise: 46 percent
• Cloud providers: 39 percent

("Brute force" is defined as "exploit attempts enumerating a large number of combinations, typically involving numerous credential failures." The example given is password-cracking attempts.)

The report's recommendation: "When selecting cloud service providers, enterprises should consider the rigor and application of these fundamentals in their evaluation process.... It is the quality of management applied to any IT environment that drives good security."