3 IaaS Security Challenges Every IT Pro Needs to Know


Tech Insights for ProfessionalsThe latest thought leadership for IT pros

Tuesday, February 4, 2020

As more infrastructure moves to the cloud, IT security professionals need to be aware of the risks that come with IaaS, as well as how best to deal with them.

Article 3 Minutes
3 IaaS Security Challenges Every IT Pro Needs to Know

More businesses are moving to the cloud and making use of infrastructure-as-a-service (IaaS) offerings than ever before. Almost 60% of North American organizations rely on public cloud platforms, and the value of it is predicted to increase from around $182.4 billion in 2018 to $331 billion by 2022. For IT professionals, this brings new challenges and opportunities.

Chief among those challenges is security, particularly when it comes to IaaS. It’s thought that by the end of 2019, vulnerabilities in cloud IaaS services will have increased by 50%.

“Vulnerabilities within IaaS cloud solutions are naturally going to continue to climb as these services are more widely adopted." - Ron Davidson, Chief Technology Officer at Skybox


Therefore, IT professionals need to become more familiar with the specific security issues that IaaS brings with it, or risk their businesses facing potentially devastating data breaches or cyberattacks. Here are three of the issues the industry is most likely to face in 2020, and how you can prepare to deal with them.

1. Asset management

The ubiquity of the cloud means employees are likely to be sharing documents, information and applications across the organization. This can be complicated further by the use of multiple clouds within a single company. With all this sharing going on, it can be easy to lose track of who owns, is responsible for or has permission to view certain assets.

Software exists to manage this, but many offerings aren’t set up to deal with the challenges of public cloud, and costs can soon spiral. Instead, you should focus on planning for the worst. If you have a policy in place to deal with the loss or leak of a document, you can act swiftly to deal with it if such an event occurs.

2. Configuration

On a more practical level, you need to make sure any IaaS solution is set up correctly. Configuration errors can give cybercriminals a backdoor into your organization, and these are more common than you think; the McAfee Cloud Adoption and Risk Report found that the average organization has 14 misconfigured IaaS instances.

If left unchecked, these instances would lead to as much as 2,269 misconfiguration incidents per month, so you need to be triple-checking every part of your network wherever possible. This is doubly important if you have a multi-cloud setup, as these are around twice as likely to suffer a data breach as single or hybrid networks.

3. Decentralized networks

Your IaaS solution will likely apply not only to your office, but also to your employees as they work remotely.

“If I have a roaming user on the road connecting to a cloud application, how do I give them consistent security? If I have a branch office that's doing direct internet access, how do I secure those branch offices?” - Brian Roddy, Engineering Executive of Cloud Security at Cisco


Your cloud provider will have its own security in place, but you’ll be responsible for the actions of employees. A lot of this again comes down to policy; if you can ensure staff members are accessing cloud-based servers in a safe and secure manner, the risks will be much lower.

Tech Insights for Professionals

Insights for Professionals provide free access to the latest thought leadership from global brands. We deliver subscriber value by creating and gathering specialist content for senior professionals.


Join the conversation...