Capability: Cloud Data Storage

 

Demand for cloud-based offerings has accelerated due to the COVID-19 pandemic, with the importance of flexibility and agility now being realised. Without adapting, businesses risk being left behind, but what are the benefits and how do you know if it’s the right solution for you?

We shared the key advantages of cloud adoption and challenges in cloud security in our previous blogs.

In our final article in this series of blogs, we share the key steps to strengthen your organisations cloud security.

As more businesses adopt cloud technology, primarily to support hybrid working, cybercriminals are focusing their tactics on exploiting vulnerable cloud environments. Last year, a report found that 98% of companies experienced at least one cloud data breach in the past 18 months up from 79% in 2020. Of those surveyed, a shocking 67% reported three or more incidents.

This issue has been exacerbated by soaring global demand for tech talent. According to a recent survey, over 40% of IT decision-makers admitted to their business having a cyber security skills gap.
It’s a vulnerable time for enterprise organisations, and cloud security is the top priority for IT leaders. Here we consider the critical steps you can take now to make your business safer.

1. Understand your shared responsibility model

Defining and establishing the split of security responsibilities between an organisation and its CSP is one of the first steps in creating a successful cloud security strategy. Taking this action will provide more precise direction for your teams and mean that your apps, security, network, and compliance teams all have a say in your security approach. This helps to ensure that your security approach considers all angles.

2. Create a data governance framework

Once you’ve defined responsibilities, it’s time to set the rules. Establishing a clear data governance framework that defines who controls data assets and how data is used will provide a streamlined approach to managing and protecting information. However, setting the rules is one thing; ensuring they’re carefully followed is another – employing content control tools and role-based access controls to enforce this framework will help safeguard company data. Ensure your framework is built on a solid foundation by engaging your senior management early in your policy planning. With their input, influence, and understanding of the importance of cloud security, you’ll be better equipped to ensure compliance across your business.

3. Opt to automate

In an increasingly hostile threat environment, in-house IT teams are under pressure to manage high numbers of security alerts. But it doesn’t have to be this way. Automating security processes such as cybersecurity monitoring, threat intelligence collection, and vendor risk assessments means your team can spend less time analysing every potential threat, reducing admin errors and more time on innovation and growth activities.

4. Assess and address your knowledge gaps

Your users can either provide a strong line of defence or open the door to cyber-attacks. Make sure it’s the former by equipping the staff and stakeholders that access your cloud systems with the knowledge and tools they need to conduct safe practices, for example, by providing training on identifying malware and phishing emails.
For more advanced users of your cloud systems, take the time to review capability and experience gaps and consider where upskilling or outsourcing is required to keep your cloud environments safe.

5. Consider adopting a zero-trust model

Based on the principle of ‘Never Trust, Always Verify’, a zero-trust approach removes the assumption of trust from the security architecture by requiring authentication for every action, user, and device. Adopting a zero-trust model means always assuming that there’s a breach and securing all access to systems using multi-factor authentication and least privilege.
In addition to improving resilience and security posture, a zero-trust approach can also benefit businesses by enhancing user experiences via Single Sign-On (SSO) enablement, allowing better collaboration between organisations, and increased visibility of your user devices and services. However, not all organisations can accommodate a zero-trust approach. Incompatibility with legacy systems, cost, disruption, and vendor-lock-in must be balanced with the security advantages of zero-trust adoption.

6. Perform an in-depth cloud security assessment

Ultimately, the best way to bolster your cloud security is to perform a thorough cloud security audit. Having a clear view of your cloud environments, users, security capabilities, and inadequacies will allow you to take the best course of action to protect your business.

7. Bolster your defences

The most crucial principle of cloud security is that it’s an ongoing process and continuous monitoring is key to keeping your cloud secure. However, in an ever-evolving threat environment, IT and infosec professionals are under increasing pressure to stay ahead of cybercriminals’ sophisticated tactics.

A robust threat monitoring solution can help ease this pressure and bolster your security defence. Threat monitoring works by continuously collecting, collating, and evaluating security data from your network sensors, appliances, and endpoint agents to identify patterns indicative of threats. Threat alerts are more accurate with threat monitoring analysing data alongside contextual factors such as IP addresses and URLs. Additionally, traditionally hard-to-detect threats such as unauthorised internal accounts can be identified.

Businesses can employ myriad options for threat monitoring, from data protection platforms with threat monitoring capabilities to a dedicated threat monitoring solution. However, while implementing threat monitoring is a crucial and necessary step to securing your cloud environments, IT leaders must recognise that a robust security program comprises a multi-layered approach utilising technology, tools, people, and processes.

Get your cloud security assessment checklist and the best cloud security strategies in our comprehensive guide to cloud security.

Demand for cloud-based offerings has accelerated due to the COVID-19 pandemic, with the importance of flexibility and agility now being realised. Without adapting, businesses risk being left behind, but what are the benefits and how do you know if it’s the right solution for you?

We shared the key advantages of cloud adoption in our previous blog. This time around, we identify the biggest challenges of cloud security.

Cloud adoption has become increasingly important in the last two years, as businesses responded to the Covid-19 pandemic. Yet, a 2020 survey reported that cloud security was the biggest challenge to cloud adoption for 83% of businesses. [1]

As cybercriminals increasingly target cloud environments, the pressure is on for IT leaders to protect their businesses. Here, we explore the most pressing threats to cloud security you should take note of.

1. Limited visibility

The traditionally used tools for gaining complete network visibility are ineffective for cloud environments as cloud-based resources are located outside the corporate network and run on infrastructure the company doesn’t own. Further, most organisations lack a complete view of their cloud footprint. You can’t protect what you can’t see, so having a handle on the entirety of your cloud estate is crucial.

2. Lack of cloud security architecture and strategy

The rush to migrate data and systems to the cloud meant that organisations were operational before thoroughly assessing and mitigating the new threats they’d been exposed to. The result is that robust security systems and strategies are not in place to protect infrastructure.

3. Unclear accountability

Pre-cloud, security was firmly in the hands of security teams. But in public and hybrid cloud settings, responsibility for cloud security is split between cloud service providers and users, with responsibility for security tasks differing depending on the cloud service model and provider. Without a standard shared responsibility model, addressing vulnerabilities effectively is challenging as businesses struggle to grapple with their responsibilities.

In a recent survey of IT leaders, 84% of UK respondents admitted that their organisation struggles to draw a clear line between their responsibility for cloud security and their cloud service provider’s responsibility for security. [2]

4. Misconfigured cloud services

Misconfiguration of cloud services can cause data to be publicly exposed, manipulated, or even deleted. It occurs when a user or admin fails to set up a cloud platform’s security setting properly. For example, keeping default security and access management settings for sensitive data, giving unauthorised individuals access, or leaving confidential data accessible without authorisation are all common misconfigurations. Human error is always a risk, but it can be easily mitigated with the right processes.

5. Data loss

Data loss is one of the most complex risks to predict, so taking steps to protect against it is vital. The most common types of data loss are:

Data alteration – when data is changed and cannot be reverted to the previous state.

Storage outage – access to data is lost due to issues with your cloud service provider.

Loss of authorisation – when information is inaccessible due to a lack of encryption keys or other credentials.

Data deletion – data is accidentally or purposefully erased, and no backups are available to restore information.

While regular back-ups will help avoid data loss, backing up large amounts of company data can be costly and complicated. Nonetheless, 304.7 million ransomware attacks were conducted globally in the first half of 2021, a 151% increase from the previous year.[3] With ransomware attacks surging, businesses can ill afford to avoid the need for regular data backups.

6. Malware

Malware can take many forms, including DoS (denial of service) attacks, hyperjacking, hypervisor infections, and exploiting live migration. Left undetected, malware can rapidly spread through your system and open doors to even more serious threats. That’s why multiple security layers are required to protect your environment.

7. Insider threats

While images of disgruntled employees may spring to mind, malicious intent is not the most common cause of insider threat security incidents. According to a report published in 2021, 56% of incidents were caused by negligent employees. [4]

Worryingly, the frequency of insider-led incidents is on the rise. The number of threats has jumped by 44% since 2020.[5] It’s also getting more expensive to tackle insider threat issues. Costs have risen from $11.45 million in 2020 to $15.38 million in 2022, a 34% increase. [6]

8. Compliance concerns

While some industries are more regulated, you’ll likely need to know where your data is stored, who has access to it, how it’s being processed, and what you’re doing to protect it. This can become more complicated in the cloud. Further, your cloud provider may be required to hold specific compliance credentials.

Failure to follow the regulations can result in substantial legal, financial and reputational repercussions. Therefore, it’s critical to handle your regulatory requirements, ensure good governance is in place, and keep your business compliant.

9. API Vulnerabilities

Cloud applications typically interact via APIs (application programming interfaces). However, insecure external APIs can provide a gateway, allowing threat actors to launch DoS attacks and code injections to access company data.

In 2020, Gartner predicted API attacks would become the most frequent attack vector by 2022. With a reported 681% growth of API attack traffic in 2021,[7] this prediction has already become a reality. Addressing API vulnerabilities will therefore be a chief priority for IT leaders in 2022 and beyond.

Check out our comprehensive guide to cloud security for more

 

Notes:
[1] 64 Significant Cloud Computing Statistics for 2022: Usage, Adoption & Challenges
[2] Majority of UK firms say cyber threats are outpacing cloud security
[3] Ransomware attacks in 2021 have already surpassed last year
[4] – [6] Insider Threats Are (Still) on the Rise: 2022 Ponemon Report
[7] Attacks abusing programming APIs grew over 600% in 2021

Demand for cloud-based offerings has accelerated due to the COVID-19 pandemic, with the importance of flexibility and agility now being realised. Without adapting, businesses risk being left behind, but what are the benefits and how do you know if it’s the right solution for you?

In the first blog of our Cloud Security series, we explore the key advantages of cloud adoption.

1. Flexibility

Cloud infrastructure is the key to operational agility, allowing you to scale up or down to suit your bandwidth needs. The pay-as-you-go model offered by most cloud service providers (CSPs) also means that you pay for usage rather than a set monthly fee.

2. Reduced cost

Kind to your cash flow, cloud computing cuts out the high hardware cost. Not to mention the cost-savings of reduced resources, lower energy consumption, and fewer delays.

3. Disaster Recovery

From natural disasters to power outages and software bugs, if your data is backed up in the cloud, it is at a reduced risk of system failure as the servers are typically far from your office locations. You can recover data anywhere to minimise downtime by logging into the internet’s cloud storage portal.

4. Accessibility

We’ve all heard that the office is dead. Workers want the ability to work anytime, anywhere. With cloud (and an internet connection), they can.

5. Greater collaboration

Cloud infrastructure makes collaboration a simple process. The cloud can drastically improve workplace productivity, from online video calls to sharing files and co-authoring documents in real-time. These cloud-native applications are designed to make our lives more efficient through greater collaboration.

6. Strategic value

Ultimately, businesses that have adopted the cloud typically experience greater cost efficiencies, faster speed to market, and enhanced service levels. Adopting the cloud not only reimagines business models and builds resilience but also enables organisations to be agile and innovative, for example, adopt to DevOps methodologies which can prove to be an essential element for businesses looking to get ahead of their competitors.

But what about security? A 2020 survey reported that cloud security was the biggest challenge to cloud adoption for 83% of the business.[1] While the pandemic accelerated cloud adoption, rushed application and the resulting lacklustre security have only intensified security concerns as cybercriminals increasingly target cloud environments.

Check out our comprehensive guide to cloud security for more information.

 

Note:
[1] 64 Significant Cloud Computing Statistics for 2022: Usage, Adoption & Challenges