Cloud computing, as a rapidly growing technology, leads the ranking of emerging risks for companies. It is followed by high penalties for the new general data protection regulation and social engineering attacks.
It is clear that cloud computing provides multiple advantages in the digital transformation of companies, among them, agility in managing large volumes of data and speed in the launch of applications. Unfortunately, migration to the cloud brings new vulnerabilities and threats to information security. This is how it is understood by the senior IT executives interviewed by the consulting firm Gartner, who have been asked about the main concerns regarding computer security and business continuity.
Cloud Computing – Emerging Risk
The greatest risk of cloud computing lies with the users themselves, that is, the companies that contract cloud services. Suppliers guarantee the availability and confidentiality of the data residing on their servers but do not control their management. Protecting information in virtualized environments, with user authentication, encryption and decoupling of data, is essential to close security gaps.
High Penalties In Case Of Violation Of RGPD
IT specialists express as another concern the high fines related to the new general data protection regulation. Until May 25, people’s unequivocal consent to use their private data was a topic of relatively little concern. However, companies can now face penalties of up to 20 million euros or 4% of their turnover, for non-compliance with regulations.
Facebook and Google, for example, became the first companies to be denounced for “forcing consent” to their users, in order to continue using their services. “In addition to the economic losses derived from the fines, the impact in terms of reputation and trust of the claims will directly affect the viability of the business,” the respondents conclude.
The Danger Of Social Engineering
The most powerful social engineering attacks target email (phishing), our mobile (vishing), social networks, USB hardware (baiting) and text messages (smishing). Cybercriminals take advantage of our bad and insecure habits of use to introduce malware into systems and infrastructures such as the cloud, further weakened in the event of non-existent identity, incident and vulnerability management policies.