Cloud computing was the lifeline that kept many companies
running during the pandemic. But it was a classic case of medicine
that comes with serious side effects.
Having anywhere, anytime access to data and apps gives companies
tremendous flexibility in a fast-changing world, plus the means to
scale and customize IT at will. The cloud is an asset or upgrade in
almost every way.
With one glaring exception: cybersecurity.
The cloud promised to make companies more secure and security
more straightforward. Yet over the same time period that the cloud
took over computing, cyber attacks grew steadily worse while
security teams felt increasingly overwhelmed.
Why?
We will explain shortly. For lean security teams, the more
important question is how to make cloud security work, especially
as the cloud footprint grows (a lot) faster than security
resources. Will the cloud always cast a shadow on
cybersecurity?
Not with the strategy outlined in a free ebook from Cynet called
“The Lean IT Guide to Cloud
Security[1]“. It explains how
security teams with less than 20, 10, or even 5 members can make
cloud security work from here forward.
Storms Brewing in the Cloud
The “cloud rush” prompted by the pandemic certainly caught
hacker’s attention. Attacks on cloud services rose 630%[2]
in 2020 and topped on-premises attacks for the first time[3]. The sudden increase in
cloud adoption explains some of that uptick – the cloud was a
larger target than before. But this really had nothing to do with
the pandemic.
It was only a matter of time before hackers started relentlessly
targeting the cloud, now costing businesses $3.8
million[4] on average with each
successful breach.
Clouds look to hackers like prime targets, more appealing than
almost any other.
On the one hand, clouds house huge stores of valuable data along
with mission-critical applications. They are where the valuable
targets live, so they’re an obvious, even inevitable attack
vector.
On the other hand, clouds either complicate or compromise many
of the cyber defenses already in place, while coming with
complicated defensive requirements of their own. Many cloud
environments end up insecure, making them an easy attack vector as
well.
As long as hackers continue to see clouds as equally vulnerable
and valuable, the onslaught of attacks will only get worse. The
damages will too.
Making Sense of the Shared-Responsibility
Model
A big reason that cloud security gaps are so common (and so
gaping) is because of the unique way we approach cloud
cybersecurity.
Most cloud providers rely on the shared-responsibility model,
where security responsibilities are split between the vendor and
the customer.
Typically, customers handle data accountability, endpoint
protection, and identity and access management. Vendors deal with
application and network controls, host infrastructure, and physical
server security (sharing agreements vary).
Research consistently shows that customers are confused about
what is and isn’t their responsibility. But even among those that
aren’t confused, the dividing line between responsibilities can
(and has) lead to contentious disputes or security loopholes
waiting for hackers to find them.
Problematic as the shared-responsibility model may be, it’s
standard practice. What’s more, it can be a tremendous asset to
learn security teams in particular provided they know their
responsibilities…and pick the right partner.
Cloud Security Starts with Vendor
Selection
For better or for worse, the shared-responsibility model
obligates cloud customers to form security partnerships with their
vendors. And some vendors are better than others.
Thoroughly vetting any cloud provider must be a prerequisite,
but that takes time on the part of the evaluator and transparency
on the part of the provider. Certifications like STAR Level 2
verify a provider’s security credentials, but some companies go a
step further and hire risk management services to evaluate a
particular cloud. In any case, the goal is to get independent,
objective proof the provider takes security seriously.
Upon selecting a vendor, following their security guidance (to
the letter) could not be more important. Failure to do so has
caused more than a few cloud attacks. Lean teams can make major
improvements to cloud security, often at no cost whatsoever, by
simply doing what the vendor says to do.
The Key Pieces for Lean Security Teams
Picking the right provider/partner solves a big part of the
cloud security puzzle. That said, important and ongoing
responsibilities still fall entirely on the security team.
These can be the weak-points that open the door to cloud attacks –
but the right tools address each of the key responsibilities facing
cloud customers, and the right vendors integrate more of those
tools onto platforms to consolidate cloud security in a manageable
form.
In the free ebook “The Lean IT Guide to Cloud
Security[5]“, Cynet describes what
the optimal cloud security toolkit looks like, along with how lean
security teams can take advantage of similar strengths without
increasing staff or ballooning security spending.
The ebook offers an effective guide to cloud security to the
many companies struggling to protect their most important
IT. By design, however, it’s also a practical and accessible
framework designed to help security teams of any size secure cloud
deployments of any size.
If cloud security falls on your shoulders, use the guidance from
Cynet to make the maximum impact for the minimal investment.
Find out the keys to success in “The Lean IT
Guide to Cloud Security” by downloading the free ebook.[6]
References
- ^
The Lean
IT Guide to Cloud Security (go.cynet.com) - ^
rose
630% (compliancy-group.com) - ^
first
time (www.datacenterknowledge.com) - ^
$3.8
million (www.ibm.com) - ^
The Lean
IT Guide to Cloud Security (go.cynet.com) - ^
Find out
the keys to success in “The Lean IT Guide to Cloud Security” by
downloading the free ebook. (go.cynet.com)
Read more https://thehackernews.com/2022/10/cloud-security-made-simple-in-new.html