In December 2023, Patrick Ruiz revealed a significant data breach at Okta, Inc., a San Francisco-based company specializing in identity and access management software for businesses utilizing Cloud-based services. This breach, along with prior incidents like Google Drive's data loss, reignites concerns about the reliability and security of Cloud service providers.
While Ruiz acknowledges the undeniable advantages of Cloud
computing—such as cost-efficient infrastructure maintenance, reduced energy
consumption, rapid deployment of applications, and accessible backup
solutions—he omits the significant risks and costs that accompany these
benefits.
Conversely, David Heinemeier Hansson, co-founder of
Basecamp, disputes the cost-effectiveness of Cloud services. In October 2022,
Hansson revealed that Basecamp spent over $3.2 million on Cloud services,
prompting their shift to on-premise hosting. This move is projected to save $7
million over five years, requiring only a $600,000 investment in hardware,
amortized over the same period.
Ruiz’s emphasis on Cloud benefits overlooks critical
security concerns, including weak access management, insecure APIs, system
vulnerabilities, internal and external threats, data loss, and challenges in
cost optimization.
Recent statistics from Check Point Research show a 48%
surge in Cloud-based network attacks from 2021 to 2022, corroborated by
Kaspersky's prediction that Cloud technology will become a prime target due to
increased digitization. Apple’s December 2023 study underscores this
intensifying threat, revealing that over 80% of breaches involve Cloud-stored
data, with 2.6 billion records compromised over the past two years.
Given these security risks, the article questions the
perceived advantages of Cloud computing. Is it wiser, as Basecamp did, to
invest in secure, cost-effective in-house solutions rather than entrusting
sensitive data to external Cloud services?
Not only is the cost exorbitant for government,
public, or private entities relying on public Cloud services, but the security
of the Cloud remains perpetually in question. Among the top threats in the Cloud,
we find:
- Misconfiguration and inadequate
change control
- Identity and Access Management
issues
- Insecure interfaces and APIs
- Inadequate selection/implementation
of Cloud security strategy
- Insecure third-party resources
- Insecure software development
- Accidental Cloud disclosure
- System vulnerabilities
- Limited Cloud
visibility/observability
- Unauthenticated resource sharing
- Advanced Persistent Threats
The Private Cloud
Solution
The prognosis for the future is equally concerning.
Gartner predicts that by 2024, 60% of infrastructure and operations leaders
will experience public Cloud cost overruns, negatively affecting available
budgets. Consequently, data sovereignty is becoming an essential criterion.
"Digital sovereignty is the main topic in 2024,
and sovereign Cloud services are becoming the number one target for businesses.
The ICD report mentions that 79% of global government agencies have started
revising their IT strategy with digital sovereignty in mind. As of early 2023,
17% of public entities were already using sovereign Cloud services, and 30%
plan to adopt similar technologies by 2025."
Given these concerns, the benefits of having a private
Cloud at home are increasingly compelling, especially in terms of control,
security, and customization. Here's a detailed breakdown of these advantages:
1. Enhanced Security
o Complete Control Over Data: Full control
over your data's location, access, and use, reducing risks of unauthorized
access or breaches.
o Customization of Security Measures: Tailor security
protocols to your specific needs, including advanced firewalls, encryption, and
monitoring.
o Isolation from External Threats: A private Cloud
is isolated from the broader internet, reducing exposure to malware,
ransomware, and APTs.
2. Cost Efficiency in the Long Run
o No Recurring Fees: Avoid ongoing
subscription fees or unexpected usage charges, with potential long-term
savings.
o Scalable Infrastructure: Scale your
private Cloud as needed, without worrying about escalating costs.
3. Customization and Flexibility
o Tailored Environment: Create a
customized environment aligned with your business processes and compliance
needs.
o Dedicated Resources: Enjoy
consistent performance with dedicated resources, free from the impact of shared
environments.
4. Improved Performance and Reliability
o Reduced Latency: Local hosting
minimizes data transfer speeds and latency, ideal for real-time processing.
o Greater Uptime Control: Direct control
over maintenance and upgrades ensures minimal downtime.
5. Data Sovereignty and Compliance
o Full Compliance Control: Comply with
local regulations and data protection laws, with full control over data storage
and processing.
o Audit and Reporting: Implement your
own auditing mechanisms for transparent and accountable Cloud operations.
6. Enhanced Privacy
o Data Confidentiality: Ensure your
data remains private, without sharing with third-party providers.
o Personalization: Control who has
access to your Cloud environment.
7. Operational Control
o Direct Management: Manage all
aspects of your private Cloud, from hardware to software, ensuring efficient
operations.
o Customization of IT Policies: Implement IT
policies without constraints, perfectly aligning your Cloud environment with
your goals.
8. Disaster Recovery and Backup
o Tailored Backup Solutions: Design backup
and disaster recovery plans that meet your specific needs.
o Localized Recovery: Faster recovery
in case of failure, managed in-house without dependency on external providers.
9. Long-Term Investment
o Asset Ownership: Invest in
infrastructure with long-term benefits, upgrading as needed to extend its
lifespan.
PT SYDECO's
Solution
PT SYDECO proposes SydeCloud©, a highly secure
private Cloud solution, protected by the next-generation ARCHANGEL© 2.0
firewall and accessible only via VPN, with the server also protected by ARCHANGEL©
2.0.
SydeCloud©,
PT SYDECO's online file-sharing system, offers an enticing alternative. By
housing data and security infrastructure within the organization, it ensures a
controlled environment for processing, storing, transmitting, and accessing
data securely, without relying on external interventions.
SydeCloud©
gathers all the benefits of having a private Cloud.
Watch SydeCloud Video
https://www.youtube.com/watch?v=GDYhO6ngobA
Conclusion
While Cloud computing presents undeniable benefits,
the escalating security risks prompt a reevaluation of its true advantages
compared to in-house solutions. The choice between cost-effectiveness and data
security remains a critical consideration for businesses in today's digital
landscape.
Source
Bill Fassinou, 23 ferier
2023, https://Cloud-computing.developpez.com/actu/341839/Le-directeur-technique-de-Basecamp-affirme-que-l-entreprise-economisera-7-millions-de-dollars-sur-5-ans-en-abandonnant-le-Cloud-au-profit-de-sa-propre-infrastructure/
https://www.globalsecuritymag.fr/Check-Point-Research-fait-etat-d-une-augmentation-de-48-des-attaques-de-reseaux.html
https://www.syde.co/products/the-archangel/
https://Cloudsecurityalliance.org/artifacts/top-threats-to-Cloud-computing-2024
https://www.edi-mag.fr/cubbit/top-4-des-defis-du-Cloud-en-2024-selon-cubbit/
#Cloud
#cybersecurity #security #archangel #ptsydeco #data #network #NGFW #VPN #sydeCloud
#gartner
No comments:
Post a Comment