The Cloud Security Report Spring 2014 edition from Alert Logic is available for public download. This report is based on the analysis of data from its customer base of around 2200 active customers. A key finding is that the increase in cloud & hosting environment attacks. Bruteforce attacks have grown up from 30 percent to 44 percent and vulnerability scans increased from 27 percent to 44 percent. They also indicates the increase of Malware/botnet attacks in the cloud environment. One of the key observation by the report authors
“ Cloud environments require more sophisticated security programs than in prior years”
To implement a useful Cloud Security service, the overall solution should address:
- Network: Firewall, Intrusion Detection, and Vulnerability Scanning provide detection and protection, while also lending visibility into security health.
- Compute: Anti-Virus, Log Management and File Integrity Management protect against known attacks, provide compliance and security visibility into activity within an environment, and understand when files have been altered—maliciously or accidentally.
- Application: A Web Application Firewall will protect against the largest threat vector in the cloud: web application attacks. Encryption technologies are ubiquitous for data in-flight protection, and some companies select encryption for data-at-rest when necessary, assuming applications can support it.
- Application Stack: Security Information Event Management (SIEM) can address the big data security challenge by collecting and analyzing all data sets. When deployed with the right correlation and analytics, this can deliver real-time insight into events, incidents, and threats across a cloud environment.
Download the report from the Alert Logic site