The true state of cloud security

Alert Logic released its first State of Cloud Security Report, a semi-annual quantitative analysis comparing real world security incidents observed in hosted and cloud environments with those observed in traditional on-premise environments.

Counter to the conventional wisdom that infrastructure in service provider managed cloud environments is inherently less secure, the analysis found these environments tend to face a lower level of risk than on-premise environments.

The report found the following:

  • The notion that cloud and service provider managed environments are less secure than traditional on-premise deployments is not supported by the facts. Service provider environments are less likely to see threats, encounter a lower frequency of each type of threat and experience a smaller range of threats per impacted environment, compared to traditional in-house managed IT environments.
  • Service providers appear to bring security benefits to their customers indirectly through their implementation of IT infrastructure management best practices in areas such as configuration and patch management, reducing misconfiguration security incidents by as much as 92 percent.
  • Web application attacks are among the leading source of threats in both types of environments (experienced by 65 percent of service provider customers and 71 percent of on-premise environments). Other common attacks tend to be relatively unsophisticated attacks such as brute force and vulnerability scans.
  • On-premise environments are attacked from many different directions. Out of seven categories of threats analyzed, on-premise customers experienced an average of 3.0 types of attacks, with a small percentage experiencing all seven types. Service provider customers averaged threats in 2.1 categories with none experiencing more than five types of attack.

The report examined 12 months of security data collected from more than 1,500 customers yielding over 62,000 verified security incidents. The security incidents captured during the study period were automatically evaluated through Alert Logic’s expert system and reviewed by Alert Logic’s certified security analysts to ensure accurate detection.

“While security can never be taken for granted, decisions around where and how to deploy IT infrastructure should be based on fact not fear,” said Marty McGuffin, VP of Operations at Alert Logic. “Our research suggests that a well managed service provider can not only match the level of security found inside an enterprise’s four walls, but actually exceed it.”

You can download the report (for free) here.