May 28, 2020 - 527 views|
Cloud security is a shared responsibility between provider and customer. Here are several steps businesses can take to protect themselves.
Cyber criminals are relentless in their willingness and ability to go after companies of all shapes and sizes around the globe with an ever-increasing quantity and sophistication of cyber attacks. Simultaneously, companies are rushing to the cloud to better enable remote work and take advantage of the cost savings, fast deployment options, flexibility and scalability available.
Simply put, the cloud era has arrived and is here to stay. But (and there’s always a “but”) there’s a common misconception among cloud users that the applications and data they migrate to the cloud are automatically secured by the cloud provider. To quote the great sportscaster Lee Corso: “Not so fast, my friend.” This combination of new technology + confused end users + savvy cyber criminals has opened a whole new universe of attack vectors, and the bad guys have taken notice.
The New Attack Surface
Containers, servers, databases and SaaS applications in the cloud are particularly vulnerable to attack. One particular favorite of cyber criminals is going after customer and partner data located in inadvertently unsecured cloud storage services. The last few years have seen companies across the full spectrum of industries, including airlines, agriculture, healthcare, software, technology and more have their data exposed and sometimes stolen. Even large government agencies have fallen victim, including the U.S. Department of Defense.
The analyst community has commissioned countless research studies to determine why this continues to happen. Gartner recently predicted that 99% of cloud security failures will be the customer’s fault, and emphasized that CIOs need to enforce policies on cloud ownership, responsibility and risk acceptance while following a lifecycle approach to cloud governance and centralizing management and monitoring.
Sharing the Burden
Security in the cloud is a shared responsibility between the cloud provider and the customer. The cloud provider focuses on securing its own infrastructure, networks and foundational services, while the customer is responsible for securing the assets deployed into the cloud environment, such as applications and data. This includes ensuring they’ve installed their workloads correctly and configured their environments properly and that they monitor/manage their workloads for security threats and vulnerabilities on an ongoing basis.
So Where Do We Go From Here?
Keeping your cloud-based applications and data secure may feel like a daunting task, but there are several steps you can take to protect yourself.
Becoming Cloud-First and Cloud-Savvy
Using the cloud yields an array of benefits to help companies expand their customer base, drive incremental revenue, take market share from competitors, enter new lines of business and modernize all aspects of the information technology stack quickly. Be careful, however, to understand the security implications of operating in a cloud-first model so that you don’t inadvertently expose yourself to cyber attacks.
Carefully evaluate new technologies, delivery methods and security providers to determine the optimal mix of security coverage based on your company’s risk tolerance. Businesses that take these precautions will move forward confidently in the cloud-first world.
Visit our COVID-19 resources page for additional insights and updates.