While I see the possible validity with the statement that there are no new security issues with cloud computing, and instead, merely increase those that already exist, I believe that implementing cloud computing on top/with an existing system can significantly increase/change the amount/type of threats or risks. There are many security risks involved with cloud computing. Similar to traditional networks, data breaches affect cloud networks and lead to a dangerous amount of sensitive stored information being at stake; when data breaches occur, this information can be stolen, damaged/altered, or the company might even face criminal charges. Utilizing multi-factor authentication, encryption, complex passwords (with detailed updating plan, login limit, etc.), and a robust update and maintenance schedule are all recommended.
Data breaches and other forms of attacks typically result from insufficient authentication, such as weak passwords, certificates, and keys. Since APIs and interfaces are used to manage and interact with cloud services, they can both can be hacked/bypassed if not correctly set up and secured; these are often the most exposed areas of the Cloud network since they are typically available from the open Internet. Threat modeling systems and applications should be implemented. Also, continuous penetration testing should be done. All systems and networks will have vulnerabilities that can be exploited, and cloud computing is no different.
However, cloud computing’s specific risks can be reduced by performing constant vulnerability scanning, excellent patch management, and the timely identification and reporting of system threats. With Cloud providers sharing applications and infrastructures, when a problem arises, all platforms involved are affected as well; If one component fails, they all do. To help prevent this problem from becoming a major one, it is recommended to use network segmentation and patch shared resources. While the issues that exist without the implementation of cloud computing are similar to cloud computing’s risks and threats, in cloud computing, the threats are created on a large scale (and often, one must rely on a CSP’s abilities and skill). Additionally, when comparing the threat level and possible issues with cloud computing to a situation where it is not used, there are strengths and weaknesses on both sides. For example, cloud computing provides better management of updates and maintenance and transfers the majority of the risk to a CSP. With using, for example, an organization’s physical resources instead of a CSP’s, more hardware/software will need to be purchased, updated, maintained, and secured, including finding skilled staff to accomplish all of this.
Violino, B. (2019, October 11). 11 top cloud security threats. Retrieved September 21, 2020, from https://www.csoonline.com/article/3043030/top-cloud-security-threats.html.
Patrizio, A. (n.d.). Data Security in Cloud Computing: 8 Key Concepts. Retrieved March 27, 2019, from https://www.datamation.com/cloud-computing/data-security-in-cloud-computing.html.