Cybercriminals are Following Business to the Cloud
Moving to the cloud brings a host of benefits to streamline business processes and accelerate growth. It’s nearly impossible to stay competitive and not take advantage of what the cloud offers. For this reason, almost every company is either entirely in the cloud or is using a hybrid cloud/on-premises approach. But businesses aren’t moving to the cloud unhindered. Cybercriminals, seeing a rich opportunity, are following on their heels.
Hackers are quickly retooling their methods and technologies to target the cloud effectively. According to global intelligence firm IDC, nearly 80% of the companies surveyed experienced at least one cloud data breach in the past 18 months, and 43% reported ten or more breaches. Let’s examine why organizations face such a challenge in securing the cloud and what they need to do to protect their cloud resources better.
The Quest for Agility and Efficiency Overlooked Cloud Security
Cloud systems and resources deploy rapidly and scale up and down quickly, allowing organizations to move fast and use only what they need. And because cloud storage space and computer power are cheap, nearly infinite amounts of data can be stored and processed in the cloud. From software to databases to DevOps, everything is available in the cloud. Organizations are continually finding new ways to use these resources to improve agility and efficiency. In fact, in the race for competitive advantage, many organizations face mandates to move further into the cloud.
But the desire for speed has led to security gaps. Companies have often failed to configure their cloud resources in a secure manner, assuming that security in the cloud works the same way as security for on-premises systems.
The Cloud is Different
But the cloud is different by nature, especially the multi-cloud environments that most organizations have implemented today. Rather than fixed assets existing permanently behind the company firewall, instances of servers come and go in the cloud. Legacy tools simply aren’t built to manage this. And those legacy tools that are modified to work with the cloud often work only in one cloud provider but not others. Because organizations rarely operate in only one cloud, these tools are woefully insufficient. Licensing is also an issue since legacy security tools are typically licensed and configured to work on explicitly defined systems.
The Perimeter Has Shifted
Because cloud systems don’t exist behind the company firewall, the traditional perimeter no longer functions as such in the cloud. Clouds require a different kind of wall to protect the resources inside them. Identity is the new perimeter.
With identity as the perimeter, no user should have standing privilege. A comprehensive security system monitors every resource. And every time a user submits an access request, it evaluates all of the attributes associated with that user’s identity (including their role, duties, and usage behaviors) to assess risk. Based on this evaluation, the system either auto-grants access or flags the request for admin review. Identity determines access.
To secure a multi-cloud environment, you must have centrally-managed admin and monitoring. Central management ensures consistent controls throughout the ecosystem and gets rid of one-off configurations. It also simplifies IT’s workflow.
Hackers Have Evolved Along with the Cloud
Hackers go where the data is. Verizon’s research shows that 86% of breaches were financially motivated, and organized criminal groups were behind 55% of breaches. Most cloud systems are a gold mine for hackers because valuable data is easy to collect. Cloud systems are commonly misconfigured, and credentials with standing privilege sit waiting to be compromised. Additionally, resources like open S3 buckets are publicly available and visible to anyone. According to a survey by Sophos, 66% of hacked organizations were breached through security misconfiguration, and 33% had cloud account credentials stolen. These vulnerabilities are so obvious that even non-hackers have spotted misconfigurations and open resources.
In the past year, the world has increasingly relied on cloud resources as remote work accelerated due to the global pandemic. Yet, a Ponemon Institute study indicates that while 60% of companies have experienced a cyber attack during the pandemic, 42% of them aren’t prepared to defend an increasingly distributed workforce. Recent trends indicate that as the variety of cloud service models in use increases (SaaS, IaaS, and PaaS), companies face an ever-expanding set of challenges.
Brace Yourself 2021 is Coming
Organizations moving to the cloud must implement identity-based security solutions and have centralized management, administration, and monitoring. Experian describes the coming year as a ‘cyber-demic,’ but your company doesn’t have to be in the high-risk category. With a perimeter based on identity and a robust security system designed for the cloud, companies can enjoy all the benefits that the cloud offers without making themselves an easy target for cybercriminals.
Want to learn how your company can secure cloud resources, achieve a 240% ROI, and realize $34.4M in benefits over three years? Check out this Total Economic Impact™ (TEI) study by Forrester Consulting.