What to know about the data vulnerabilities of the cloud

Moving data storage and processing to the cloud ameliorates some cybersecurity vulnerabilities while heightening others, according to a study published last week by the Carnegie Endowment for International Peace.

The big picture: More and more segments of both the public and private sectors are shifting their systems to the cloud, primarily relying in the U.S. on a handful of companies, chief among them Amazon, Microsoft and Google.

On the one hand, says the report, the centralization of data storage services provides many public and private entities with more advanced cybersecurity protections than what they possess internally.

• “[T]he reality [is] that most organizations—governments and companies—cannot effectively protect themselves. Very few organizations can rival the security teams of the major CSPs [cloud service providers] and are therefore better off entrusting their security to these external firms’ security teams.”
• “This does not mean that the cloud is secure,” says the report, “but it is more secure relative to the security measures most organizations could otherwise achieve.”

On the other hand, the report finds a significant “emerging problem is the systemic risk associated with a centralized approach.”

• That is, the concentration of power and data among what the authors call the CSP “oligopoly” means that, though they may have advanced security infrastructure, a potential breach of even one of these services could be catastrophic.
• Worries about over-reliance on a single CSP has led U.S. government agencies to move toward a "multicloud" strategy in order to minimize risks associated with relying on one firm, says the report.

• That includes the CIA, which entered into a contract with Amazon Web Services to build it a bespoke cloud system in 2013 but is now in the process of soliciting bids for a multicloud solution.

Meanwhile: The major U.S.-based cloud services are also beginning to be challenged by Chinese firms like Alibaba and Tencent for market share across Asia, says the report, a finding that comes as the U.S. and China swap blows over mutual attempts to blunt each other’s technological influence around the world.