You ever look up and wondered how all that water stays up there without crashing down on us? It turns out the Internet is a series of tubes and they’re holding much more than just water. Cloud providers like Amazon, Microsoft, and Google store massive amounts of grandma’s secret cookie recipes and top-secret government files. With all those cookie recipes, there are growing concerns about the security of the clouds outside of the normal security community. I myself have made a whole career out of worrying about cloud security, but I didn’t think Joe Biden had ever lost sleep on the matter.
White House’s Comprehensive Plan:
In an effort to make sure our skies stay blue, the Biden administration is working on the nation’s first comprehensive plan to regulate the security practices of major cloud providers. The goal? To ensure that our data remains as safe and secure as possible. The plan includes potential regulations and security requirements, like making cloud providers verify the identity of their users to prevent foreign hackers from renting space on US cloud servers. It’s kind of like a doorman, keeping an eye on who’s coming and going.
U.S. officials express significant frustration that cloud providers often up-charge customers to add security protections — both taking advantage of the need for such measures and leaving a security hole when companies decide not to spend the extra money.
Cloud Security Challenges:
Now, you might be thinking, “Hey, these are huge tech giants. Surely they’ve got security locked down, right?” Well, not quite. Take the SolarWinds attack in 2020, for example. Russian hackers managed to slip into at least nine federal agencies and 100 companies, all by renting servers from Amazon and GoDaddy.
The risks of a single cloud provider going down are pretty scary, too. Imagine if one of these giants were to collapse. We could see hospitals cut off from medical records, ports and railroads paralyzed, and financial markets humming to a halt. Not to mention, countless small businesses, public utilities, and government agencies left in the dark. The pandemonium of Netflix going down with AWS and not being able to watch the latest British Bake Off when it drops would be unthinkable.
And as for transparency in cloud security practices, it seems we’re all still a bit in the dark. A recent study by the Treasury Department found that cloud companies provided “insufficient transparency to support due diligence and monitoring.” Basically, we’re trusting these companies with our data, but not everyone is satisified with what we know about how they’re handling it all.
The Industry’s Response:
So, how are the major cloud providers responding to the Biden administration’s plan? Surprisingly, they’re not putting up much of a fight. Google Cloud’s chief information security officer, Phil Venables, even said that increased regulation is “highly appropriate.” Maybe they’re secretly hoping the gov stating some requirements will get them some budget for security initatives they’ve been wanting for a bit but haven’t been prioritized?
But at the same time, some argue that cloud providers are already subject to plenty of regulation, like FedRAMP and the requirements needed to work with regulated entities such as banks and federal agencies. It’s like they’re saying, “Hey, we’ve got armies of auditors and company’s due diligence departments crawling around. Do we really need more?”
As we continue to entrust more of our lives to the mythical cloud, it’s crucial that we address the security concerns. The Biden administration’s plan to regulate cloud security is definitely a step in a direction, but only time will tell how effective it will be.
In the meantime, businesses can prepare for potential changes in cloud security regulations by staying informed and ensuring they have a solid understanding of their own data security practices. And as for our own personal data, perhaps it’s time to take a closer look at the clouds we trust to keep our data safe and secure. After all, it’s better to be safe than sorry when it comes to protecting our cookie recipes.