Estudo revela que empresas expõem bancos de dados e serviços de armazenamento ao migrarem suas estruturas para a Cloud.

Security company Palo Alto Networks has released a study showing trends and analyzing the behavior of companies that are migrating their infrastructure to the cloud – that is, outsourcing part of their infrastructure to providers like Amazon and Google. According to the survey, many companies make various mistakes in this process, which can expose databases, make the process more expensive, or make adopting the service less advantageous. Cloud computing is often associated with online storage services, but it is much more than that for businesses. Among other benefits, it is more flexible and reduces costs with scale, as it tends to be "elastic": it expands during peak access times, without requiring the company to maintain an idle processing center during low-usage hours. However, when placing its infrastructure in a fully online system, the company must adopt appropriate measures. As companies store employee and customer information, negligence can ultimately harm consumers through data leaks. The benefits for companies moving to the cloud are clear: greater flexibility, agility, scalability, and cost reduction. However, adopting public cloud infrastructure can also increase security risks and compliance challenges. The study data points to problems in various areas. The research reveals that 28% of databases receive connections from the internet — typically, databases are for the exclusive use of the company's application and do not need this external connection. Furthermore, 49% of databases are not encrypted and 32% of companies have some cloud storage service exposed. These oversights, while not synonymous with data leaks in themselves, lower the barriers that could be present for an attacker. Inadequate access controls were also targeted by the study. It states that 29% of companies suffer from possible account compromises, that is, when someone without authorization obtains system access credentials. Even with the risk of losing an account, 27% of companies adopt root access — accounts with full control, without restrictions, and which, therefore, should be avoided, especially when there is a risk of unauthorized access. These and other missteps can contribute to an unnecessarily painful migration to the cloud. For Palo Alto Networks experts, it is easier and cheaper to design projects with security from the beginning than to pay the bill when problems occur, as the company can suffer from lost sales, image problems, and even fines due to legislation. The study highlighted that the cloud is a trend for companies and that it is even more secure than traditional infrastructure, but that there is still sometimes a lack of information, especially in the use of newer technologies, such as containers. It also highlights that the cloud operates on a shared responsibility model: the provider handles basic issues, but the customer is responsible for everything else. Thus, the provider supplies the security of the base structure, such as routers, datacenters, etc., however, the customer is responsible for the rest. One cannot assume that by moving to the public cloud, security is fully guaranteed. It is necessary to use the cloud correctly, with governance, compliance, etc., as is done in private infrastructure. And mainly with a migration process well planned and adjusted to the needs of each company. Source: G1 Technology