Cyber criminals are relentless in their willingness and ability to go after companies of all shapes and sizes around the globe with an ever-increasing quantity and sophistication of cyber attacks. Simultaneously, companies are rushing to the cloud to better enable remote work and take advantage of the cost savings, fast deployment options, flexibility and scalability available.
Simply put, the cloud era has arrived and is here to stay. But (and there’s always a “but”) there’s a common misconception among cloud users that the applications and data they migrate to the cloud are automatically secured by the cloud provider. To quote the great sportscaster Lee Corso: “Not so fast, my friend.” This combination of new technology + confused end users + savvy cyber criminals has opened a whole new universe of attack vectors, and the bad guys have taken notice.
The New Attack Surface
Containers, servers, databases and SaaS applications in the cloud are particularly vulnerable to attack. One particular favorite of cyber criminals is going after customer and partner data located in inadvertently unsecured cloud storage services. Over the last few years, companies across the full spectrum of industries, including airlines, agriculture, healthcare, software, technology and more, have had their data exposed and sometimes stolen. Even large government agencies have fallen victim, including the U.S. Department of Defense.
The analyst community has commissioned countless research studies to determine why this continues to happen. Gartner recently predicted that 99% of cloud security failures will be the customer’s fault, and emphasized that CIOs need to enforce policies on cloud ownership, responsibility and risk acceptance while following a lifecycle approach to cloud governance and centralizing management and monitoring.
Sharing the Burden
Security in the cloud is a shared responsibility between the cloud provider and the customer. The cloud provider focuses on securing its own infrastructure, networks and foundational services, while the customer is responsible for securing the assets deployed into the cloud environment, such as applications and data. For the customer, this includes ensuring that workloads are installed correctly, that environments are configured properly, and that workloads are monitored and managed for security threats and vulnerabilities on an ongoing basis.
So Where Do We Go From Here?
Keeping your cloud-based applications and data secure may feel like a daunting task, but there are several steps you can take to protect yourself.
- Understand your security responsibilities in the cloud. Discuss where the lines of responsibility are drawn with your cloud provider. Don’t assume anything.
- Remain in constant communication with your cloud provider to understand new security-related capabilities the company has launched (or will launch in the future) that you can leverage.
- Take an honest look at the maturity of your security approach and implementation across your cloud environment(s). Utilize impartial third-party security experts to baseline your security posture and develop roadmaps to close current gaps and provide robust security coverage in the future. Consider whether your security team is large enough and sufficiently skilled to maintain a strong security posture. If it isn’t, evaluate companies that can take on the burden of security management on your behalf.
- Evaluate your IT development/deployment processes. Update processes as necessary to ensure security is being baked in as early in the process as possible.
- Continuously scan your cloud deployments for security vulnerabilities and data leakage. Patch application and infrastructure issues as quickly as possible.
- Educate employees and partners about security best practices. Test them regularly.
Becoming Cloud-First and Cloud-Savvy
Using the cloud yields an array of benefits to help companies expand their customer base, drive incremental revenue, take market share from competitors, enter new lines of business and modernize all aspects of the information technology stack quickly. Be careful, however, to understand the security implications of operating in a cloud-first model so that you don’t inadvertently expose yourself to cyber attacks.
Carefully evaluate new technologies, delivery methods and security providers to determine the optimal mix of security coverage based on your company’s risk tolerance. Businesses that take these precautions will move forward confidently in the cloud-first world.