Top Public Cloud Security Challenges
While public cloud services provide businesses and agencies with effective data storage, access, and management, they are not an “out-of-the-box” solution. What many organizations fail to understand—sometimes too late—is that these platforms alone are often insufficient when it comes to offering total data protection.
Many cloud services adhere to a shared responsibility model. This means that while the cloud provider protects the security of the cloud as a whole, the customer must protect the security of their data within the cloud. In other words, the user must ensure the integrity of client data, identity and access
management, encryption, and other components of their cloud architecture.
As more organizations migrate to the cloud, they must prioritize their security strategies. They may believe that native tools are enough to rely on, but in truth they need to look further for comprehensive cloud security.
In a recent report, the Cloud Security Alliance (CSA) outlined the top 11 threats to cloud computing for 2020. Data breaches, misconfiguration and inadequate change control, a lack of cloud security architecture and strategy, and insufficient identity and access management were among the biggest security challenges for all industries operating in the cloud. These issues are not unique to any particular industry, but fortunately, they have common solutions.
Challenge:
A data breach can involve the release and/or theft of “personal health information, financial information, personally identifiable information (PII), trade secrets and intellectual property,” said the CSA report. The consequences of compromised data can include fines and other legal penalties, lost customers, and even the closure of a business.
Solution:
Being proactive will help businesses and agencies identify threats before they lead to catastrophic losses. A cloud management platform can provide continual monitoring through automation, so that information security teams receive alerts the moment an anomaly occurs instead of discovering compromised data months—or years—later.
Misconfiguration of public cloud resources is the leading cause of data breaches, said the CSA report. Common examples of this misconfiguration include unsecured data storage elements or containers, excessive permissions, credentials left in default settings, or other control features that are improperly set up or altogether disabled.
Solution:
Again, cloud management platforms can fill in security gaps and work to correct errors. “Companies should embrace automation,” said the CSA report, “and employ technologies that scan continuously for misconfigured resources and remediate problems in real-time.” With these tools, administrators can review AWS config and other rules to ensure they meet audit requirements at all times.
Challenge:
Moving to the cloud is more than a “lift-and-shift” effort when it comes to security said the CSA report. What worked for on-prem assets will likely not work in the cloud.
Solution:
Information security executives should develop clear security strategies that align with business objectives and ensure that their threat models are up to date. The CSA recommends that security strategies include continuous monitoring for vulnerabilities. Automating these processes with a cloud management platform can take the place of time-consuming manual work and eliminate vulnerabilities with the push of a button.
Identity and access management enables organizations to manage, monitor, and secure access to valuable data and resources. Security incidents can arise when administrators ignore best practices like multi-factor authentication; regular automated rotation of cryptographic keys, passwords, and certificates; use of strong passwords; and other measures to protect user credentials.
Solution:
Administrators must develop granular identity and access management policies to give the right people the correct level of access to sensitive data. They can achieve this by using a tool that helps them track users and permissions. Reviewing these policies can also minimize insider threats to data, number six on the CSA’s list of 2020 cloud security challenges.
The move to the cloud is vital in providing personnel with continuous, reliable access to data, whether they are in the office or working remotely. To protect their assets, companies should look to third-party tools to remediate vulnerabilities and ensure that they are following best practices in compliance and security.
Stay-at-home orders have pushed many businesses to see remote work as a necessity, not just a “nice-to-have.” Cloud adoption is an essential step in adapting to changes in the way we work.
Organizations already using the cloud could be poised for success in the current situation. “We have theorized the crisis could accelerate the cloud migration,” Instinet said in its report. “We expect firms with public cloud exposure will emerge stronger from the crisis.”
However, companies need more than what native cloud platform tools can offer. Cloud management platforms can help reduce the burden of manually governing complex cloud infrastructures and offer greater security and compliance measures.
Many cloud services adhere to a shared responsibility model. This means that while the cloud provider protects the security of the cloud as a whole, the customer must protect the security of their data within the cloud. In other words, the user must ensure the integrity of client data, identity and access
management, encryption, and other components of their cloud architecture.
In a recent report, the Cloud Security Alliance (CSA) outlined the top 11 threats to cloud computing for 2020. Data breaches, misconfiguration and inadequate change control, a lack of cloud security architecture and strategy, and insufficient identity and access management were among the biggest security challenges for all industries operating in the cloud. These issues are not unique to any particular industry, but fortunately, they have common solutions.
Preventing data breaches
Challenge:
A data breach can involve the release and/or theft of “personal health information, financial information, personally identifiable information (PII), trade secrets and intellectual property,” said the CSA report. The consequences of compromised data can include fines and other legal penalties, lost customers, and even the closure of a business.
Solution:
Being proactive will help businesses and agencies identify threats before they lead to catastrophic losses. A cloud management platform can provide continual monitoring through automation, so that information security teams receive alerts the moment an anomaly occurs instead of discovering compromised data months—or years—later.
Correcting misconfiguration and inadequate change control
Misconfiguration of public cloud resources is the leading cause of data breaches, said the CSA report. Common examples of this misconfiguration include unsecured data storage elements or containers, excessive permissions, credentials left in default settings, or other control features that are improperly set up or altogether disabled.
Solution:
Again, cloud management platforms can fill in security gaps and work to correct errors. “Companies should embrace automation,” said the CSA report, “and employ technologies that scan continuously for misconfigured resources and remediate problems in real-time.” With these tools, administrators can review AWS config and other rules to ensure they meet audit requirements at all times.
Building a cloud security architecture and strategy
Challenge:
Moving to the cloud is more than a “lift-and-shift” effort when it comes to security said the CSA report. What worked for on-prem assets will likely not work in the cloud.
Solution:
Information security executives should develop clear security strategies that align with business objectives and ensure that their threat models are up to date. The CSA recommends that security strategies include continuous monitoring for vulnerabilities. Automating these processes with a cloud management platform can take the place of time-consuming manual work and eliminate vulnerabilities with the push of a button.
Managing sufficient identity, credential, access, and key policies
Identity and access management enables organizations to manage, monitor, and secure access to valuable data and resources. Security incidents can arise when administrators ignore best practices like multi-factor authentication; regular automated rotation of cryptographic keys, passwords, and certificates; use of strong passwords; and other measures to protect user credentials.
Solution:
Administrators must develop granular identity and access management policies to give the right people the correct level of access to sensitive data. They can achieve this by using a tool that helps them track users and permissions. Reviewing these policies can also minimize insider threats to data, number six on the CSA’s list of 2020 cloud security challenges.
The move to the cloud is vital in providing personnel with continuous, reliable access to data, whether they are in the office or working remotely. To protect their assets, companies should look to third-party tools to remediate vulnerabilities and ensure that they are following best practices in compliance and security.
Protecting public cloud assets
Stay-at-home orders have pushed many businesses to see remote work as a necessity, not just a “nice-to-have.” Cloud adoption is an essential step in adapting to changes in the way we work.
Organizations already using the cloud could be poised for success in the current situation. “We have theorized the crisis could accelerate the cloud migration,” Instinet said in its report. “We expect firms with public cloud exposure will emerge stronger from the crisis.”
However, companies need more than what native cloud platform tools can offer. Cloud management platforms can help reduce the burden of manually governing complex cloud infrastructures and offer greater security and compliance measures.
No comments: