Asrecent research revealed, 45% of organisations now store customer data in the cloud, 42% store employee data in the cloud, and 24% store intellectual property in the cloud. But, when organisations move workloads and data into the cloud, in doing so they are increasing the likelihood of data leakage if proper security is not employed. Adopting appropriate security measures, therefore, is critical.
Working with any type of cloud provider means handing over important responsibilities to an external third party. No matter what their level of expertise, track record, or number of security accreditations they have, if their security fails, then everyone fails. So, how should businesses be updating their security strategies and methodologies for the cloud era?
A new approach to new vulnerabilities
The cloud era means organisations need to look afresh at both external and internal vulnerabilities. The cyber kill chain, for example, was developed by Lockheed Martin as a threat model that represents the anatomy of a cyberattack.It sets out that attacks arrive in phases and defences can be organised at each specific phase. As a model focused primarily on perimeter security, the well-established steps of the chain (Reconnaissance, Weaponisation, Delivery, Exploitation, Installation, Command & Control, and Action on Objectives) are still valid, but they differ in the cloud.
As businesses outsource much or all of their infrastructure to the cloud, it can potentially enable a greater number of insider attacks.According to recent research, organisations are at significant risk from insider threats, with a 73% of respondents revealing that insider attacks have become more frequent over the past year. When asked the same question in 2017, that figure was 56%.
According to just over half (56%) of organisations, it is more challenging to detect insider threats after migrating to the cloud. Additionally, 41% said that they hadn’t been monitoring for abnormal user behaviour across their cloud footprints, and 19% were unsure if they did. To underline the point, four of the top five reasons for the growing difficulty in detecting insider attacks are related to data moving off premises and into a growing number of applications and devices.
So, what’s is the answer? When infrastructure changes, security must change with it. Any organisation that has at all migrated to the cloud needs to update its definition of security across the cyber kill chain. Relying solely upon legacy security technologies that came out of the on-premises era will increase the chance of security blind spots being exploited once organisations begin to move to the cloud.
Whileresearch has shown that access control (52%) and anti-malware (46%) are the most-used cloud security capabilities, these and others (like single sign-on (26%) and data loss prevention (20%)) are still not deployed often enough. Additionally, as 66% of respondents said that traditional security tools don’t work or have limited functionality in the cloud, adopting appropriate cloud security solutions becomes even more critical. Fortunately, cloud access security brokers (CASBs) can provide many of these essential capabilities.
For example, successfully defending against malware requires organisations to implement a three-point strategy that encompasses devices (endpoint protection), the corporate network (secure web gateways), and the cloud. A few cloud apps provide some built-in malware protections, but most do not. This means a combination of tools is necessary, because neglecting to use tools like CASBs is the missing link that enables infection.
While the cloud has broadened the security perimeter, the risks are manageable when the right tools and processes are put in place. Everyone with an interest in leveraging cloud technologies should take steps to ensure they don’t put security at risk.