Companies are moving their operations to the cloud at an increasing rate, but by giving up more control, they are inviting increased cybersecurity risks. Add the fact that remote access is common with cloud deployments and it's no wonder cybersecurity firms like Alert Logic are concerned.
After all, long gone are the days when companies were only putting non-critical data in the cloud. These days core information is being stored there, inviting more risk of a security breach or data hack.
“As organizations continue to migrate workloads and infrastructure to the cloud, security policies and efforts often lag,” said Christine Meyers, director of product marketing at Alert Logic in a recent interview with The SaaS Report. “The increasing use of hybrid environments that include both cloud-based and on-premise resources presents even greater challenges to the effective application of security policies, especially for organizations with limited security and IT staff resources.”
But the risks don’t end there. With hackers evolving at a rapid rate and diversifying in the areas they are targeting with malware and malicious code, it makes it difficult for cybersecurity professionals to keep track of it all. So much so that when Alert Logic hosted its Cloud Security Summit in June, it found 48% of security professionals highlighted a lack of centralized visibility as one of their biggest IT security problems.
For companies moving to the cloud, who they partner with can also mean the difference between having a secure footprint or one that is easily accessible to hackers. They have to go with a company that is able to scale the security efforts across multiple information technology environments whether it's in the cloud or on site instead of just one. Meyers said companies of all sizes should be skeptical of providers who claim to be an expert in a singular area of securing the cloud, leaving the rest to fall to the wayside. “Many companies are at various stages of their cloud transformation journeys, still requiring significant support when it comes to securing their on-premise environments,” said Meyers, noting companies have to find a vendor that can provide complete visibility and around the clock management.
While companies have a lot to do to protect their systems as they move to the cloud, some of it is out of their hands simply because the security market hasn’t caught up to the need. “A dearth of cybersecurity talent is creating an unprecedented recruiting challenge,” said Meyers. “When companies seek out providers, look for those who can offer the full package – the platform, tools, security operations center (SOC) and expert defenders who can serve as an extension of your team.”
Unauthorized Attacks A 2019 Threat
Threats are coming everywhere but unauthorized internal and external access is seen as a big threat for companies moving to the cloud next year. According to Marcela Denniston, VP Field Engineering at ShieldX Networks, cloud adopters need to be concerned about unauthorized access because of the remote nature of cloud deployments. “If unauthorized access is achieved, malicious actors can easily spin up new resources, and move laterally within the flat environment to utilize computing resources and/or exfiltrate data,” said Denniston in a recent interview with The SaaS Report. “Cryptojacking, or the use of cloud resource for cryptocurrency mining has recently become a new risk, making the need for resource visibility and consumption monitoring essential.”
A scary proposition but one that companies can thwart by applying strong authentication policies for access, said Denniston. That includes Single Sign On which enforces authentication in applications where it isn’t built in and applying strong access control policies to ensure access to certain systems are only achieved by specific methods. She said it falls on the organization not to rely solely on the cloud provider to protect their cloud deployment and data in the club but to take proactive steps to mitigate the risk. “It is important to implement strong access and authentication policies, and microsegmentation to ensure both users and systems are only accessible by those who have the business need,” said the ShieldX Networks executive. “This will help prevent unauthorized access, abuse of cloud resources, and the potential exfiltration of data from your organization’s environment.”