
Cloud data risk

by Mark Rowe

Increased use of cloud requires smarter security, says Dirk Schrader, resident CISO and VP of security research at the data security product company Netwrix.

Cloud infrastructure has become an integral part of daily workloads for millions of organisations worldwide. After the sudden shift to remote work in 2020, cloud adoption is still in progress and is expected to continue over the next 12 to 18 months. Given the pace of cloud uptake, it is essential that organisations learn how best to protect their data within its boundaries.

In the UK, findings show that 88 per cent of organisations store sensitive data in the cloud, where it can be left vulnerable to cyberattack. Of this data, 65 per cent was personally identifiable information (PII) of customers, 42 per cent was the PII of company employees and 31 per cent was corporate financial information. Threats to this data were ubiquitous, with 52 per cent of surveyed companies reporting a cyberattack on their cloud infrastructure within the last 12 months. Of these attacks, phishing was the most widespread at 69 per cent of reported incidents, followed by account compromise at 35 per cent and targeted attacks against cloud infrastructure at 31 per cent.

In this climate of constant cybersecurity risk, 65 per cent of UK respondents named integration with the existing IT environment as a main factor that slows down cloud adoption in their organisations.

Protecting data in the cloud

With the rapid rise of cloud computing, the virtualisation of applications and infrastructure has been replacing traditional in-house deployments.
In order to secure data in the cloud, organisations should address all three primary attack vectors: data, identity and infrastructure. The survey revealed the top three cloud security measures that UK organisations have already implemented: multi-factor authentication, encryption and regular review of access rights. Moreover, 36 per cent of respondents plan to implement data classification to better protect sensitive data in the cloud.

Protecting the cloud at an infrastructural level

Cloud adoption brings challenges to the IT security team, as it adds a layer of complexity to any existing security architecture. Cloud environments do not have an established physical security perimeter, as they are primarily designed for ease of access and ease of deployment. To ensure data security in the cloud, the entire IT infrastructure of an organisation should be controlled, secured, hardened, and regularly audited to ensure compliance with the organisation’s policies as well as relevant legislative standards.

Regular audits bring signs of misconfiguration of the network and its components to the IT team’s attention in good time and help avoid security gaps. To streamline the process, auditing activity should be automated with a monitoring solution, which can promptly investigate and remediate any suspicious changes in an organisation’s cloud environment.

Protecting the cloud at an identity level

Attackers use identities to gain access to sensitive data. To decrease the likelihood of a damaging breach, it is vital to control who has access to what data, and whether that access is really needed. The least-privilege approach is one of the most effective principles that help ensure security within the identity layer of the IT infrastructure. Through comprehensive permissions management, IT teams grant only those privileges needed to complete a specific task. In other words, if a subject does not need an access right, the subject should not have that right.

Regular entitlement reviews ensure that users stay at the least necessary level of access to sensitive data and that any excessive rights are revoked promptly. Authentication is also key to identity security. Multi-factor authentication should be made mandatory across applications to reduce the risk of account hijacking. Login activities should also be monitored. To this end, alerts should be set up for the following red flags:

• Attempts to log in from multiple endpoints
• Multiple failed logins by any account in a short period
• A high number of login failures during a specified period
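
The three red flags above, expressed as sliding-window checks over login events; this is an added example, not code from the article or from any product it mentions. The event tuple layout, rule names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, account, source endpoint, success)
SAMPLE_EVENTS = [
    ("2024-03-01T09:00:00", "alice", "10.0.0.5", True),
    ("2024-03-01T09:01:10", "bob", "10.0.0.7", False),
    ("2024-03-01T09:01:25", "bob", "10.0.0.7", False),
    ("2024-03-01T09:01:40", "bob", "10.0.0.7", False),
    ("2024-03-01T09:02:00", "carol", "10.0.0.9", True),
    ("2024-03-01T09:03:00", "carol", "198.51.100.4", False),
    ("2024-03-01T09:04:00", "carol", "203.0.113.8", False),
    ("2024-03-01T13:00:00", "alice", "10.0.0.5", False),
]

def _in_window(entries, now, window):
    """Keep only entries whose timestamp is within `window` of `now`."""
    return [e for e in entries if now - e[0] <= window]

# Thresholds are illustrative assumptions, not values from the article.
def detect_red_flags(events, short=timedelta(minutes=5), max_fail_per_account=3,
                     max_endpoints=3, period=timedelta(hours=1), max_fail_total=5):
    """Return a set of (rule, subject) alerts for the three red flags."""
    alerts = set()
    fails = defaultdict(list)      # account -> [(time,)] failed logins
    endpoints = defaultdict(list)  # account -> [(time, endpoint)] all attempts
    all_fails = []                 # [(time,)] failures across every account
    for ts, account, endpoint, ok in sorted(events):
        now = datetime.fromisoformat(ts)
        # Red flag 1: one account attempting logins from many endpoints.
        endpoints[account] = _in_window(endpoints[account], now, short) + [(now, endpoint)]
        if len({e for _, e in endpoints[account]}) >= max_endpoints:
            alerts.add(("multiple_endpoints", account))
        if not ok:
            fails[account] = _in_window(fails[account], now, short) + [(now,)]
            all_fails = _in_window(all_fails, now, period) + [(now,)]
            # Red flag 2: repeated failures by one account in a short period.
            if len(fails[account]) >= max_fail_per_account:
                alerts.add(("repeated_failures", account))
            # Red flag 3: high failure count overall in the specified period.
            if len(all_fails) >= max_fail_total:
                alerts.add(("failure_spike", "all accounts"))
    return alerts
```

In production the same rules would read from the identity provider's sign-in log, with thresholds tuned to the organisation's normal login volume.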

Lastly, activity monitoring should be enacted through leveraging user behavioural analytics (UBA) to detect anomalous actions. Significant changes in a user’s behaviour or access patterns might be indicators of a security threat.

Protecting the cloud at a data level

Key to protecting data in the cloud is identifying and classifying the data being stored. With clear visibility into what data the organisation has and where exactly it resides, the IT team can concentrate its efforts on protecting what really matters. Data classification can be automated to ensure accurate, reliable results. This information can then be used to prioritise data security efforts and set up appropriate security controls and policies.
Some data may need to stay on premises to meet security standards or compliance requirements.

Cloud adoption is no longer optional; it is a must for most businesses. Organisations have to partially move their operations to the cloud to sustain their business activities. The urgent transition to remote work at the beginning of the pandemic forced IT teams to ensure the bare security minimum for the cloud environment. Now that people have become used to a cloud-based reality, it’s time to upgrade the security measures in place.


© 2024 Professional Security Magazine. All rights reserved.
