For most companies, the public cloud is an extension of their on-premises digital estate. Therefore, the state of your cloud security is a microcosm of your organization’s overall security posture. For those companies that have a robust and effective security strategy that is executed with the right combination of people, processes, and technologies, the state of cloud security is good. For less mature organizations, the cloud’s shared responsibility model provides an opportunity to leverage the public cloud provider’s extensive security resources to improve many aspects of security, but this does not relieve the company of its overall responsibility for security. In this article, one of Valorem's Cloud Security Experts shares some insights into the challenges organizations are facing today and tips for improving your digital security posture this year.
Common Cloud Security Challenges Today
On-demand, self-service access to new cloud services and technologies that the customer may not fully understand creates a risk of misconfiguration and of improperly or inadequately secured resources. Elasticsearch databases and Kubernetes container orchestration are two common examples of innovative technologies that many companies are rapidly deploying to support agility and growth, often without fully understanding the technology and what is required to properly secure it. Managing resource sprawl can also be a challenge, not only from a cost management perspective, but also in terms of ensuring all cloud resources are fully inventoried, properly configured, and adequately secured.
Big Security Breaches in 2020
The scale of a data breach or data leak in the cloud can be massive. More than 17 billion records were exposed during the first quarter of 2020 in 10 separate security incidents as a result of misconfigured or compromised Elasticsearch, SQL, and other databases in the public cloud. To put that into context, a total of 36 billion records were exposed in nearly 3,000 separate security incidents (including both on-premises and cloud) during the first quarter of 2020. Companies need to ensure their incident response and business recovery plans, including customer communications and any applicable regulatory reporting requirements, are sufficient to effectively address a cloud security incident.
Improve Your Cloud Security
Don’t assume that you can just “lift and shift” your security policies and processes the same way you may have migrated some of your workloads to the cloud. If necessary, update your security governance to ensure it is still relevant and effective in a hybrid (on-premises and cloud) environment and does not inhibit your company’s cloud growth strategy. Next, ensure your I&O and DevOps teams have a strong understanding of any new technologies or services they plan to deploy in the cloud, as well as any appropriate security controls that need to be implemented to protect those resources. When possible, use deployment templates and automation to reduce the risk of misconfiguration. Finally, remember that regardless of what the shared responsibility model says about who is responsible for what, your customers will ultimately hold you responsible for the security of their data, so stay vigilant and proactive when it comes to cloud security.
Cloud security will increasingly require automation, orchestration, artificial intelligence (AI), and real-time threat intelligence to match the scale and velocity of modern cyberattacks. Customers will need to deploy technologies such as extended detection and response (XDR) and secure access service edge (SASE) to extend visibility and control across their entire digital estate from the data center to the cloud and beyond — to endpoints and mobile devices to support work from home (WFH) and work from anywhere (WFA) in our post-pandemic world.
At Valorem, security is built into each stage of our development cycle to ensure our clients' digital transformation journey is efficient, optimized and secure. If you'd like to talk with one of our security consultants about your current security posture or a roadmap to your desired security state, email email@example.com.