“Pure” Public Clouds Found to be More Secure Than Hybrid, Private

Contrary to popular belief, public cloud environments are less vulnerable to security breaches than private cloud, hybrid, or on-premises environments.
This is one of the key findings from Alert Logic’s latest “Cloud Security Report” (available here after registration). The report analyzed nearly 4,000 Alert Logic customers’ data between August 2015 and January 2017.
Co-founder Misha Govshteyn said that since Alert Logic began publishing its cloud security findings in 2011, it has noticed, but not officially concluded, that security attacks tend to occur at lower frequency in public cloud environments than they do on-premises. This pattern can be seen in the 2017 report.
“For many years, we have seen that security incidents in public cloud environments are lower than on-premises. Although we didn’t highlight this in previous Cloud Security Reports, we have confirmed this perception through close analysis of our own data. With years of observation and a clearly established pattern, we are now confident that public cloud environments have lower observed incident rates than on-premises data centres,” Govshteyn wrote in the executive summary.
Alert Logic’s 2017 report showed that organizations using pure public cloud environments experienced an average of 405 security incidents over the 18-month period. The company defines an incident as “an event or group that has been confirmed as a valid risk warranting further investigation and analysis, and possibly response”. Researchers did not find any significant differences in incident frequency between Amazon Web Services (AWS), Microsoft Azure, and other public cloud vendors.
On-premises environments had an average of 612 incidents per organisation, which is 51 percent more.
[Figure: Average security incident count per customer. Source: Alert Logic/2017 Cloud Security Report.]
Hosted private cloud environments had 684 incidents per customer. Perhaps most shocking, hybrid environments experienced an average of 977 incidents per customer, which is 141 percent more than public cloud environments.
Alert Logic attributed the poor performance of hybrid environments in part to the idea that combining public clouds and private clouds can increase an organization’s attack surface as well as exacerbate the weaknesses of each type.
Govshteyn stated that installations combining public and on-premises components can end up with the worst of both worlds. He noted that they may not be as responsive to updates as all-public installations and are not as closely attended as on-premises installations with dedicated staff.
He did, however, note that hybrid cloud data is complicated by the lack of industry consensus on what “hybrid” means. This observation has been supported by other studies, including a Stratoscale survey that found that more than three quarters of IT professionals define “hybrid” in one of two ways: “the ability to move workloads between public and private clouds,” and “the idea that different workloads belong to different environments.”
Despite this, public cloud platforms such as AWS and Azure offer organizations proven security benefits, such as the ability to isolate applications within virtual private clouds (VPCs). This reduces the possibility of a compromised application infecting the environment. The report stated that attackers have less chance to move laterally or launch attacks that can quickly escalate into enterprise-wide disasters.
Alert Logic states that public clouds often offer “better security mechanisms” and “easier administration.”
