Cloud security has hit the headlines again, but this time not because of a business-destroying data breach. Cisco’s announcement of its $2.35 billion acquisitionOpens a new window of cyber-security firm Duo Security last week comes as other tech firms including Amazon, Oracle and McAfee lock down their own cloud security acquisitions.
The deal underscores one of the biggest concerns companies have about moving their data to the cloud: how to ensure that data is kept private and secure.
Salesforce recently issued a warning to its marketing cloud users, revealing an error may have left APIs exposed to data risk. There is now a history of high-profile cloud security breaches, such as the Apple iCloud hack that exposed the private personal photos of celebrities in 2014. After that, Apple introduced two-step authentication, which seems to have stemmed further problems – for the moment.
Last month Timehop, an app that resurfaces old social media posts, revealed a data breach after a hacker accessed the app’s cloud computing account, which was not protected by multi-factor authentication, stealing the data of 21 million users. Last year, data of as many as 14 million Verizon subscribers lay unprotected in the cloud on an Amazon S3 storage server, easily accessible to anyone with the web address and know-how.
Loss of Control
Naturally, companies are nervous about migrating their data to the cloud. A full 70% of chief information and security officers say security and privacy is their primary concern in serverless computing, and many feel they are handing over the security of their most precious assets to companies outside their control.
Cisco plans to integrate Duo’s security systems across its platforms for devices and the cloud. And as more businesses authorize staff to bring their own devices to the workplace for professional use, security is a prime concern. Duo is moving to ease those worries.
Align the Design
Concerns have been raised that Cisco will ruin Duo’s easy user interface by integrating it with its own, more complex user experience, described by one Ars Technica writer as “a Frankenstein monster nightmare of tabs and infinite nested menusOpens a new window â€. On the other hand, Duo could help improve Cisco’s interface.
Duo has been described as a company that was ‘set up to be sold’: It has found an eager partner in Cisco, which is three years into a revamp aimed at moving toward more cutting-edge software and consultancy services.
The company is reinventing its strategy, moving on from a legacy business of providing hardware such as routers and switchers. While this area of the business still accounts for the bulk of revenues, security is a rapidly growing division, though it makes up just 5% of Cisco’s $48 billion annual sales.
Doubling Down
Under CEO Chuck Robbins, who took the helm in 2015, Cisco is boosting its software and cloud consultancy businesses, helping clients run multi-cloud strategies. It has made various acquisitions, such as cyber-security provider Sourcefire. bought for $2.7 billion in 2013.
More generally, cloud security acquisitions are coming thick and fast this year: Oracle has bought ZenedgeOpens a new window , Amazon Web Services purchased Squrrl and McAfee bought Skyhigh Networks.
As the roll-call of cloud security breaches grows, the industry is doubling down on its efforts to assure enterprises that their data is safe on remote servers. In 2016, Verizon researchers found that 63% of data breaches involve weak, default or stolen passwordsOpens a new window .
Problems, therefore, are not always down to the cloud providers. Weak systems within client companies mean that two-step authentication and other secure identification methods are now vital for businesses with personal data stored in the cloud. More pricey acquisitions are sure to come – as well as further high-profile cloud data breaches – before the issue stops making headlines. Or at least, fewer of them.