Cloud computing is the driving force behind digital transformation. During the pandemic, it enabled businesses to quickly support remote working and find new ways to reach their customers. Today the drivers have shifted a bit, but that is no less important. Cloud-based platforms, infrastructure and applications are now being deployed more to drive cost efficiencies, streamline business processes and improve resilience to increasing economic headwinds. But as more business-critical information is transferred to cloud data storage, the risk of theft and extortion increases.
This is where it makes sense to break through the complexity of cloud security and focus on what matters most—protecting the data itself.
Top five cloud security threats
By one estimate, 45% of data breaches in the last year occurred in the cloud, resulting in a cost of over $5M each in the public cloud versus an average of $4.4M per organization across all environments. The same study calculates that cloud migration can add $284,000 to the average cost of a data breach. These are numbers that should concern every boardroom. So where are the cloud security threats most prominent?
misconfiguration is ranked by the US government as the most widespread cloud vulnerability. Compounded by ever-evolving cloud service provider (CSP) capabilities and a lack of in-house capabilities in customer organizations, data stores can be completely exposed to attacks from threat actors or accidental leaks. According to IBM, cloud misconfigurations are now responsible for 15% of security breaches.
IT complexity is a fact of life in the cloud. Research shows that 92% of organizations have a multi-cloud strategy and 80% prefer a hybrid cloud approach. This creates multiple discrete computing environments with different security and policy requirements. This type of complexity is the enemy of effective risk control and can be a major source of misconfiguration.
Software Supply Chains are critical to the DevOps teams building the cloud applications that power modern businesses. However, most of these teams use open-source third-party components, which are often riddled with malware and vulnerabilities. According to one estimate, an average application development project contains 49 vulnerabilities. Another report claims to have seen a 650 percent increase in attackers injecting vulnerabilities into upstream code to exploit before they are discovered.
Bad access controls B. weak passwords or non-existent multi-factor authentication, can allow hackers unauthorized access to cloud data and networks. Attackers can use previously hacked or phished credentials, or simply brute force them with automated tools.
Insecure APIs can create a direct line to sensitive business data. These can be the CSP’s APIs or cloud-delivered business APIs. However, this is usually due to misconfigurations and insufficient authentication/authorization. The result: Anyone with an Internet connection could hijack these communications links to obtain critical data.
Cloud journey support
Cloud security is tough. Cloud environments harbor a large, distributed, and growing attack surface that cybersecurity teams often lack the skills and tools to address. or protect visibility. Some organizations are confused about their role in the cloud security shared responsibility model, while others may seek to apply ineffective legacy controls.
A surefire way to mitigate cyber risk in the cloud would be to focus on what really matters: the data itself. This is what threat actors are targeting when they penetrate the cloud network, so protection efforts should focus on that focus. This is what we call “data-centric security”: the application of strong encryption or tokenization to ensure that even if data is accessed, read, or exfiltrated, it is useless to the attacker.
Beyond these core principles, organizations should look for data-centric security vendors that offer:
- Support for all major cloud platforms
- Continuous detection, classification and protection across the cloud environment
- The scalability to support larger amounts of data as the business grows
- Format-preserving encryption so data is protected but can still be used for things like cloud-based analytics
The best data-centric security solutions maximize protection and minimize cyber risk across the cloud without compromising data utility.