How CISOs Can Address The Challenges Of Cloud Misconfigurations

Cloud security is a challenge CISOs face at many organizations. Despite conversations across senior leadership and security teams, it remains one of the primary threats facing modern businesses. According to the 2021 Verizon Data Breach Investigations Report, 73% of data breaches involved cloud assets, a year-over-year increase of 46%, marking the first year that cloud incidents surpassed on-premises ones. However, despite these threats, cloud adoption will continue to skyrocket, Gartner had predicted that global public cloud service spending will reach $332.2 billion in fiscal year 2021. With that in mind, tackling cloud security issues should be a primary cybersecurity concern for CISOs moving into 2022.

Cloud Security Misconfiguration Risks

As organizations add more cloud resources, they increase the likelihood of misconfigurations that can compromise cloud security. According to the Fortinet 2021 Cloud Security Report, 67% of surveyed cybersecurity professionals stated that misconfigurations remain the most significant cloud security risk facing their companies. This is because when a user or team specifies settings that fail to provide adequate cloud data security, attackers can exploit those misconfigurations to compromise or steal data. Misconfigured cloud-based resources create risks for critical environments that can result in unexpected costs and disrupted services.

Threat actors increasingly target misconfigurations as part of their attacks because they can move laterally within an organization’s infrastructure. This should be top of mind for CISOs as they look to secure their organization’s cloud environments.

Multi-Cloud Risks

Each organization’s cloud strategy is tailored to its own needs, meaning that no one-size-fits-all approach to security exists. Most companies use more than one cloud service provider to mitigate the potential for a single-point-of-failure.

For example, organizations may use different cloud providers for Data backup, Application resiliency, Disaster recovery or Global coverage. The survey found that:

• 73% of organizations are pursuing a multi- or hybrid cloud strategy
• 33% of organizations are running more than half of their workloads in the cloud
• 56% of organizations will be running more than half their workloads in the cloud over the next 12-18 months

The cloud provides the scalability, integration, and business continuity capabilities that companies need. While many will continue to maintain an on-premises presence, hybrid accounts for more than one-third of deployments.

Organizations operate in a diverse and expanded digital landscape. Because of this, CISOs and security teams often struggle to manage and secure the various private and public cloud workloads and environments. Despite the benefits of multi-cloud adoption, the current strategies and multiple tools add extra layers of management complexity. And they only become more complex when organizations add cloud services in an adhoc manner, creating management and operational challenges that also increase operational costs.

On top of this, few IT teams have the expertise needed to manage a hybrid deployment that includes multiple public clouds, private cloud, and on-premises environments, leaving CISOs struggling to get ahead of any potential issues.

Creating a Cloud Security Strategy

To overcome the challenges that cloud security presents, organizations need a cohesive approach that involves strategic deployments. Multi-cloud strategies offer CISOs an opportunity to rethink their current approach to security and move away from using a collection of disconnected point solutions.

Redesigning their approach to cybersecurity with a holistic strategy gives CISOs a way to eliminate security gaps by using open standards and protocols that integrate all security activities into a single platform. With all security routed to and managed in the same platform, organizations can more rapidly detect, investigate, and respond to threats.

Further, adopting a security fabric mesh approach that uses machine learning (ML) creates a self-healing security and networking system to protect applications, data, and devices across on-premises data centers and cloud services.

A mesh architecture for Cloud Security

Reducing the risks associated with multi- and hybrid cloud strategies requires a cohesive, tight-integrated mesh architecture to cloud security. As organizations leverage technological advances, so do cybercriminals who now circumvent security measures and attack corporate networks. IT team-created cloud mis-configurations often act as the primary attack vector for these network infiltration attacks.

A mesh approach to mitigating cloud risks gives companies a way to reduce management complexity. By eliminating point solutions by deploying a single, ML-driven platform, organizations eliminate the layers of management complexity that IT teams struggle to navigate.

A more effective and efficient cloud security approach integrates all security activities into a single pane of glass. CISOs and security teams then have visibility into all cloud configurations, ultimately reducing risk. Leveraging next-generation ML, IT security teams can achieve better cybersecurity metrics by reducing the time it takes to detect and mitigate threats. With tightly integrated solutions, CISOs can help build a strong cybersecurity posture and produce the resiliency needed to limit risk while still meeting their business objectives.

(The author Rajesh Maurya is Regional Vice President, India & SAARC at Fortinet and the views expressed in this article are his own)