HOUSTON--(Alert Logic, the leading provider of Security-as-a-Service solutions for the cloud, today released findings of the company’s semiannual State of Cloud Security Report. The research is based on operational data from over 1,600 business customers with IT infrastructure in both on-premise and service provider and cloud environments, analyzed by the company’s security research team to compare the occurrence, frequency and diversity of more than 70,000 security incidents across seven categories of security threats.)--
“For this reason, it matters less whether an application is on-premise or in the cloud; the more important issue is whether its protection is being properly managed. Enterprises should take both available security expertise and resources into account when deciding where to host their systems.”
Overall, the report found that on-premise IT infrastructure is more likely to be attacked, more often, and through a broader spectrum of attack vectors than cloud-based infrastructures, countering security concerns about the cloud. Of notable concern is the continuing prevalence of web application attacks affecting customers in both cohorts.
"Web application-level attacks are still in the majority in many different environments," said Wendy Nather, research director of enterprise security at 451 Research. "For this reason, it matters less whether an application is on-premise or in the cloud; the more important issue is whether its protection is being properly managed. Enterprises should take both available security expertise and resources into account when deciding where to host their systems."
Key findings from the State of Cloud Security Report – Fall 2012:
- Roughly half of all enterprises are victims of web application attacks: Web application attacks were experienced by 53% of service provider environments and 44% of on-premise environments. Even more concerning is that about two-thirds of these attacks were made by freely-available downloadable tools.
- Variations in threat activity among industries are less important than the environment where infrastructure is located: It is not safe to assume that any particular industry is not targeted by attackers, or that an organization is too small to be targeted. Analysis suggests that many attacks are simply opportunistic in nature.
- The cloud is no less safe than the on-premise environment: For every incidence class, the number of incidents per impacted customer was higher in the on-premise environment. The average number of web application attacks is 61.4 among on-premise customers and 27.8 on service provider customers. Brute force attacks and reconnaissance attacks were also experienced with higher frequency in on-premise environments.
- Unsecured personal computers in the U. S. lead to high attack rates: The U.S. was the country of origin for 33 percent of the incidents analyzed in this study, including 35.4 web application attacks per impacted customer.
- Global indicators reveal that attacks originating in the East lead to breaches in the West: The research noted an especially high frequency of incidents per customer impacted for reconnaissance attempts originating in China. This suggests a scenario in which hackers in China are doing reconnaissance, identifying vulnerable workstations in the bandwidth-rich U.S., adding those machines to botnets and using them to launch attacks on nearby targets. [Infographic available.]
“Unfortunately, the cloud security myth is a stereotype that has prevented the industry from focusing on the real issues impacting enterprise security,” said Stephen Coty, research director at Alert Logic. “Rather than falling victim to perception-based beliefs, businesses should leverage factual data to evaluate their vulnerabilities and better plan their security posture.”
About Alert Logic
Alert Logic, the leading provider of Security-as-a-Service solutions for the cloud provides solutions to secure the application and infrastructure stack. By integrating advanced security tools with 24×7 Security Operations Center expertise customers can defend against security threats and address compliance mandates. By leveraging an “as-a-Service” delivery model, Alert Logic solutions include day-to-day management of security infrastructure, security experts translating complex data into actionable insight, and flexible deployment options to address customer security needs in any computing environment. Built from the ground up to address the unique challenges of public and private cloud environments, Alert Logic partners with over half of the largest cloud and hosting service providers to provide Security-as-a-Service solutions for business application deployments for over 1,700 enterprises. Alert Logic is based in Houston, Texas, and was founded in 2002. For more information, please visit http://www.alertlogic.com.