Cloud Computing Interoperability: Ongoing Business Need
Even though cloud computing services have been celebrated as an enabling solution for the digital transformation, its rapid assimilation has inadvertently created unique risk opportunities for cybercriminals to exploit. In particular, misconfigurations between cloud assets have become a favored pain point: a metastasizing problem that jeopardizes the benefits of greater cloud adoption. With cybersecurity as a focal point for enterprises, addressing this challenge will require cloud service providers to establish and agree to interoperability standards, a significant undertaking with the potential to engender the next generation of cloud-based systems.
Sustained COVID-19 restrictions and mandated preventative health measures forced companies across industry sectors to defer to Infrastructure-as-a-Service (IaaS) solutions to remain operable and accessible as mobility came to a screeching halt. Capable of offering both flexibility and scalability, companies flocked to cloud computing, a global migration that catalyzed a global market growth of 40.7 percent worth US$64.3 billion, according to Gartner Inc.
Mexico’s once technology adverse business community fomented the growth of the second largest IaaS market in Latin America, according to Frost & Sullivan. As the digital transformation takes hold in Mexico across various industry sectors, the market potential for cloud service adoption has not gone unnoticed by cloud service providers IBM, Microsoft, Amazon, Huawei and most recently Google and Oracle, which have invested billions of dollars in both cloud centers and supporting data centers in the country’s most important urban centers. At this pace, it is possible for cloud infrastructures to blanket the entire market in three years time, if not before, as anticipated by cloud providers.
This market trend is supported by market insight which estimates that 74 percent of CEOs believe that cloud computing will be the most helpful technology for their organizations in the next two to three years, according to an IBM study, Eduardo Gutierrez shared with MBN. This strategic sector could bring Mexico as much US$905 million in investments by 2026, growing at a compound rate of 8.33 percent, according to market research group Aritzon.
Collectively, while these indicators point towards the sustained growth of Mexico’s cloud services sector, inherent cybersecurity challenges threaten to curb its momentum.
Risks Inherent to the Cloud
Market urgency demanded companies to integrate cloud service solutions hastily and often imperfectly, a process that inadvertently created risk opportunities for cybercriminals to exploit and initially collided with an indifference to security preparedness in Mexico. The synergy of these two conditions made Mexican companies a prime target for cybercriminals in 2021, enduring a daily onslaught of more than 427 million cyberattacks, the most of any Latin American country, according to data compiled by Fortinet. This represented a 170 percent increase over 2020 when Mexico only contended with an average of 38 million daily cyberattacks, thereby marking a definitive inflection point for cybersecurity awareness in Mexico.
In a more cognizant cybersecurity landscape, companies are increasingly aware of their vulnerabilities and in 2021 the majority of them were concerned with the backbone of remote work, cloud applications and services. A recent cloud security report revealing that 75 percent of enterprises are either very concerned or extremely concerned about how secure they are on the cloud.
In the past year companies have struggled to secure their cloud infrastructure given that their inherent disaggregated design has introduced multiple entry points for cybercriminals to exploit. These security gaps, which normally form during the initial onboarding process and more commonly during changes between different cloud service providers, constitute the leading cause of cloud data breaches according to various expert reports. Currently, around 62 percent of organizations already rely on at least two cloud deployments, a figure that is likely to balloon to 90 percent, according to projections by International Data Corporation, a trend in direct conflict with the 79 percent of respondents of Cloud Security Alliance’s survey who reported struggling with handling cloud deployments and a largely remote workforce. In other words, companies lack the know-how and the security tools to protect their public cloud infrastructure even as they are considering the addition of other cloud services.
Most commonly, it is only after a security breach that companies learn that cloud service providers are not the sole responsible actors for protecting company data. Dismantling this common misconception is important given that breaches related to remote work on average cost US$1.07 million, specially considering that it usually takes 58 days to identify and contain breach incidents, according to the latest IBM security report. In light of this, companies need to make a concerted effort to understand the differences between clouds and what they can offer. Otherwise they are setting themselves up for misconfigurations. This requires companies to centralize their offering, a challenge that will be further complicated by the addition of other cloud service deployments and application programing interfaces (APIs). Herein lies the underlying problem of multi-cloud deployments and possibly a general issue of the digital transformation: the lack of interoperability between cloud service providers.
Configuring a dynamic cloud environment is highly complex and prone to mistakes given that there is little to no standardization between different architectures, platforms or applications. This challenge requires a multidisciplinary understanding of load balancing, optimization, configuration management and the know-how of adjusting both products to the needs of the company’s infrastructure.
Failure to overlap cloud services perfectly leaves a security gap for cybercriminals to identify and exploit. Furthermore, since it is not in the best interest of service providers to suggest the use of multiple clouds, many companies are left without guidance for their migration. Without proper direction, companies are left to fend for themselves, often spending too much time, money and resources on often faulty multi-cloud deployments.
Altogether, a single multi-cloud deployment project now entails a complex and costly onboarding process, added risk management costs and data storage costs for a product that does not guarantee individual security within the cloud solution. The cumulative price tag will not be ignored by companies, especially now that governments have begun to suspend COVID-19 restrictions and economies gain momentum. Furthermore, these problems have incited the emergence of new tools such as edge and fog computing, which stand to compete with cloud computing. Consequently, if cloud service providers want to secure their business continuity past the global pandemic, they need to begin considering interoperability between their products and services, even if initially only between partnerships.