The Perimeter Has Shifted
Because cloud systems don’t exist behind the company firewall, the traditional perimeter no longer functions as such in the cloud. Clouds require a different kind of wall to protect the resources inside them. Identity is the new perimeter.
With identity as the perimeter, no user should have standing privilege. A comprehensive security system monitors every resource. And every time a user submits an access request, it evaluates all of the attributes associated with that user’s identity (including their role, duties, and usage behaviors) to assess risk. Based on this evaluation, the system either auto-grants access or flags the request for admin review. Identity determines access.
To secure a multi-cloud environment, you must have centrally-managed admin and monitoring. Central management ensures consistent controls throughout the ecosystem and gets rid of one-off configurations. It also simplifies IT’s workflow.
Hackers Have Evolved Along with the Cloud
Hackers go where the data is. Verizon’s research shows that 86% of breaches were financially motivated, and organized criminal groups were behind 55% of breaches. Most cloud systems are a gold mine for hackers because valuable data is easy to collect. Cloud systems are commonly misconfigured, and credentials with standing privilege sit waiting to be compromised. Additionally, resources like open S3 buckets are publicly available and visible to anyone. According to a survey by Sophos, 66% of hacked organizations were breached through security misconfiguration, and 33% had cloud account credentials stolen. These vulnerabilities are so obvious that even non-hackers have spotted misconfigurations and open resources.
In the past year, the world has increasingly relied on cloud resources as remote work accelerated due to the global pandemic. Yet, a Ponemon Institute study indicates that while 60% of companies have experienced a cyber attack during the pandemic, 42% of them aren’t prepared to defend an increasingly distributed workforce. Recent trends indicate that as the variety of cloud service models in use increases (SaaS, IaaS, and PaaS), companies face an ever-expanding set of challenges.
Brace Yourself 2021 is Coming
Organizations moving to the cloud must implement identity-based security solutions and have centralized management, administration, and monitoring. Experian describes the coming year as a ‘cyber-demic,’ but your company doesn’t have to be in the high-risk category. With a perimeter based on identity and a robust security system designed for the cloud, companies can enjoy all the benefits that the cloud offers without making themselves an easy target for cybercriminals.