No major cloud provider has fallen victim to all the malware attacks of the last few years. What does that tell you? Computer systems from the Ukraine to the United States were affected last week by the Petya cyber attack. It’s similar to the recent WannaCry ransomware attack last month.
The WannaCry ransomware took advantage of vulnerabilities in the older versions of Windows that allowed the infection to spread. All someone needed to do was click a malicious link and—bang!—they were infected. That is, if they hadn’t installed the patches and updates.
These attacks are a reminder of why the cloud is a safer place to do your computing.
The parade of attacks in recent years have forced enterprise IT to become more diligent about holistic security. These attacks are successful when security is not holistic, such as when patches and fixes are not applied.
But the generalized security fears have also caused many IT organizations to delay the adoption of new technologies, such as cloud computing. There’s a sense that something new, especially something managed by others, will make things more vulnerable.
Actually, the opposite is true.
Using the public cloud makes you less likely to get attacked and breached. The layers of security in the cloud are more than a deterrent for most attacks. The cloud providers proactively monitor these clouds, and they quickly spot and quickly block them. And they automatically apply operating system, application, and service patches and fixes are automatically behind the scenes.
Extremely few IT organizations do the same. The cost of security is just too much for most enterprises to bear, and most can’t keep up with all that needs to be done to keep their systems and users secure enough from WannaCry, Petya, and other malware that shut down systems.
Enterprises should not run in place when these attacks occur, but instead do a “look in the mirror” assessment around the state of systems and security. You’re likely to find deep issues that can’t be solved overnight. From there, you’ll need to plan the “to be” state of things, including how data, processes, PCs, mobile devices, IoT devices, and other elements are going to be secure.
As you undertake that effort, you’ll find that using the cloud is becoming the best fit for security. It may be counter-intuitive to those who equate hands-on control with effective control, but it’s simply true. The cloud has had outages, yes, just like enterprise IT systems. But no major cloud provider has fallen victim to all the malware attacks of the last few years. What does that tell you?