Cloud (In) Security
According to cybersecurity technology expert Steve King (posted at https://www.linkedin.com/pulse/cloud-security-faint-heart-steve-king/?trackingld=n0F25F1U0R6E1ryUCjvHew%3D%3D), as of 8/24/19 over 3,800 cyber breaches have been reported this year, a greater than 50% increase over four years. In the first six months of 2019 the number of breaches increased by 54% compared to the same time period in 2018. While the number of records exposed during that time is 30% lower than the same period in 2017, the Capital One breach may change that statistic.
As more data is outsourced to cloud service providers, many organizations are beginning to realize they need to control their own cybersecurity. King cites a recent survey by The Cloud Security Alliance showing that confidence in cloud service providers is declining due to the increase in breaches related to providers’ lack of appropriate controls.
Data is becoming the main target of cyber attacks. Organizations must define the value of their data and the impact of its loss. Traditional controls and management are not generally effective in the cloud. New technologies scan continuously for misconfigured resources and can remedy problems in real time. Not having this capability, according to King, is “like leaving your wallet on a hotel room bedside table”.
According to McAfee’s latest Cloud Adoption and Risk report, the typical organization uses over 1,900 different cloud services, some of them risky. 21% of all files in the cloud contain sensitive data. If there are no controls over who shares those files, they can be accessed by unauthorized parties. 65% of organizations use Infrastructure-as-a-Service and 52% use Platform-as-a-Service; both come with deep and often complicated security configurations. McAfee reports the average organization has 2,200 misconfiguration incidents per month; misconfiguration led to the Capital One breach.
Given the scope of cloud services and dynamic security configurations that can be changed at any time, manually checking those configurations is unrealistic. A cloud access security broker that continuously monitors and automates security configurations is critical.
While all of the major cloud service providers have taken steps to improve their security controls, an estimated 95% of cloud security failures will result from specific customer issues. Public cloud providers will secure their core areas – infrastructure and hosting services – but their customers are responsible for operating systems, platforms, data and privileged access credentials. Zero trust security is the long-term goal, with identity access management an interim solution.
In choosing a cloud service provider, an organization must consider what kind of data it is storing in the cloud and what security standards it must comply with. Necessary questions include whether the provider performs regular audits, protects against malicious activity, and conducts employee background checks and monitoring. Security must be monitored in real time.
The cloud offers both potential business benefits and vulnerabilities. Moving data to a cloud service provider will greatly expand an organization’s threat landscape and risk profile. Success depends on proper cybersecurity architecture and addressing issues in advance.