Abstract: The economic benefits and scalability of public cloud computing are already undeniable due to recent advancements in the field; the only question that remains is cloud security. Despite the enormous benefits of moving their computing workload to the cloud, many organizations continue to show resistance to this change. Cloud security concerns are the most frequently mentioned cause. Organizations are concerned by a larger attack surface created by the worldwide accessibility of services in the cloud. The security and risk control set that enterprises can apply in the cloud is also often limited and impacted by the interoperability and support provided by the chosen Cloud Service Providers (CSPs), and organizations are often not allowed to extend their trusted security solutions they are already familiar with to the cloud. Yet, both traditional computing and cloud computing include security risks, and cloud risk is just as controllable as traditional IT risk. Secondary data obtained from Identity Theft Resource Centre (ITRC) database on cloud incidents from year 2020 to 2022 were analyzed in this study. To determine the primary underlying causes of cybersecurity events observed across the years covered by the available data, the study used trend analysis and descriptive statistics. The analysis shows that cloud incidents are not different from traditional incident and organizations can leverage existing capabilities already developed in traditional computing towards managing the cloud risk. Also, organizations need to take be proactive in their responsibility and take ownership of the risks. As the study shows, the majority of cloud incidents are caused by knowledge gaps and the cloud customer's inability to exercise due diligence and care in ensuring effective controls are put in place to stop prevalent attacks. Effective cloud training and adherence to the established cloud control matrix, like the CSA, would successfully lower risk to a reasonable level.
Abstract: The economic benefits and scalability of public cloud computing are already undeniable due to recent advancements in the field; the only question that remains is cloud security. Despite the enormous benefits of moving their computing workload to the cloud, many organizations continue to show resistance to this change. Cloud security concerns are th...Show More