Skip To Main Content
Jeff Bezos poses in a blue computer server room
Features
From Pivot Magazine

Safe or unsafe? The cloud’s burning cybersecurity question

With its massive hosting abilities, the cloud may seem like a cybersecurity risk. But, experts say, its exceptionally safe

Jeff Bezos poses in a blue computer server roomAmazon CEO Jeff Bezos at an AWS server farm. AWS is the world’s largest cloud provider. (Photograph by Getty Images)

Last December, Amazon Web Services (AWS)—the world’s largest cloud provider, responsible for 40 per cent of global cloud infrastructure in 2021—reported its third outage that month. Previously, a service disruption from AWS wreaked temporary havoc on the digital economy, as companies that rent AWS’s cloud servers, such as workplace communication platform Slack, video game developer Epic Games and Amazon’s Ring doorbell system, were all forced offline.

Was the source of the problem hackers from far away countries or malicious malware? No. The problem stemmed from a power outage at one of AWS’s data centres. Previous outages, which lasted anywhere from one to five hours, were attributed to network congestion and an internal engineering oversight.

While some may perceive the cloud to inherently hold cybersecurity risks—data theft, loss of intellectual property, malware attacks chief among them—many experts maintain that is simply not the case.

“Cloud is exceptionally safe,” says Sanjay Pathak, KPMG Canada’s head of technology strategy and digital transformation services. He cites “robust” cyber defenses and security controls offered by major cloud operators, which he says routinely out-perform typical in-house network security capabilities.

Yet it can be difficult to convince decision-makers otherwise. While 76 per cent of C-suite executives recently surveyed by PwC said they are actively engaged in cloud strategy, 17 per cent defined cloud technology as a security and business risk that requires addressing. As well, 50 per cent of all respondents considered the perceived risks a “significant barrier to realizing cloud value.”

A Deloitte survey similarly found that 85 per cent of respondents said there has been a challenge to convincing decision-makers that the cloud is secure. That reticence is the most significant barrier to a move to the cloud, despite it quickly becoming the backbone of the digital economy.

“The pandemic validated the cloud’s value proposition, accelerated digital business transformation plans and fundamentally changed the way people think about cloud computing,” says Shelden So, KPMG Canada’s national cloud and integration leader. “The discussion today is not whether you’re in cloud, but rather how you’re innovating in the cloud. It’s become a business imperative.”

Simply put, cloud adoption is inevitable. It’s why any business utilizing cloud technology, in part or in full, must know what measures to put in place to keep their operations as secure as possible.

“Do you have the appropriate in-house resources and skill sets to map your data to the cloud and assess security controls?” Pathak asks. “It’s about having the right security and skills available to protect the organization and its assets.”

When it comes to managing risks on the cloud, “it’s not just about cybersecurity and IT security,” So says. “Effective operation in the cloud must also include data process controls. These controls include rules and policies—cloud governance—to oversee data security, manage risk, provide direction to cloud architecture and design, and [establish] how distributed and multi-cloud solutions are managed.”

STAY AHEAD OF THE GAME

Learn about the benefits and issues of cloud computing, the top five questions CPAs have about the cloud and the kinds of technology involved in a digital transformation.