A recent study produced by the Ponemon Institute shed light on global enterprises’ growing adoption of Cloud technologies—and the security risks involved in securing these Cloud-based environments.
According to the report, 79% of IT professionals now consider Cloud computing platforms very important to their day-to-day business operations. These professionals estimate Cloud environments now account for 39% of their organizations IT and data processing needs, with that number projected to increase to 51% by 2020. In addition, 43% of all corporate data is now being stored on the Cloud. Clearly, the Cloud has been meaningfully adopted within the enterprise, and its influence is only due to grow.
Unfortunately, many of these Cloud-based environments do not appear to be secured effectively… if they are being secured at all. According to the report, 57% of IT professionals feel their organization isn’t careful enough when they share information with these third party providers, and 33% do not feel their organization is committed to protecting sensitive information in the Cloud. Only about half of the companies consider protecting payment information and customer information their primary security concern.
Even when organizations prioritize securing their multi-cloud environment, they face substantial, unique challenges. Seventy-one percent of IT professionals feel securing the Cloud is much more challenging than securing a conventional technology environment, and half of IT professionals feel the Cloud has made it hearder to control or restrict end user access to data.
Despite these known risks, enterprises appear to be doing little to secure their multi-Cloud environments. One third feel Cloud security is the provider’s responsibility, a third feel it’s their responsibility, and a third feel it needs to be shared. But in practice, internal security teams are being excluded from many critical Cloud security conversations. Only 21% of security teams are consulted regarding their organization’s development of a multi-Cloud environment, and only 46% say their company has clearly defined roles and responsibilities for Cloud security.
Unfortunately, this confusion regarding roles and responsibilities is occurring at time when cyber-attacks on the Cloud are exploding. The top attacks targeting the Cloud, as recently reported by CSO, include and exploit data breaches, poor access management, insecure interfaces and APIs, system vulnerabilities, account hijacking, insider attacks, APTs, data loss, poor due diligence, abuse and nefarious use of cloud services, DoS, and shared technology vulnerabilities.
As this report notes, many of these vulnerabilities are unique to the Cloud infrastructure itself. No matter what Cloud providers promise in terms of offering “bank level security”, many of these services are fundamentally insecure. Often a Cloud service is created by simply scaling up some off-the-shelf hardware and software, and were not designed to offer secure “multi-tenant architecture or multi-customer applications”, creating new shared technology vulnerabilities. Because they are built around offering shared computing resources, Cloud services are particularly vulnerable to DoS attacks. Cloud infrastructures are placed in close proximity and share memory and resources, creating new attack surfaces and shared vulnerability points. And Cloud service providers can delete client data accidentally (without any malicious actors involved).
That’s to say nothing of the many user-error created vulnerabilities mentioned within the report, including poor due diligence and poor access management. Combined, both reports paint a simple picture. While a multi-Cloud environment is increasingly adopted (and necessary) for enterprises, these environments are insufficiently secured by both providers, users, and their combined efforts.
To continuously monitor and shore up security weaknesses created by both users and Cloud providers, enterprises must partner with a third-party security organization. Users and Cloud providers cannot do it on their own. The primary security problems created by the Cloud are baked into the technology itself, and, as we saw, internal technology security teams within organizations are disorganized and dis-empowered to protect their multi-Cloud environments.
It is here that advanced technologies and concepts such as Managed detection and response services have a role to play. MDR is a combination of technology and skills to deliver advanced threat detection, deep threat analytics, global threat intelligence, faster incident mitigation, and collaborative breach response on a 24×7 basis.
However, MDR services are not a replacement of traditional managed security services (MSS) such as log management, log monitoring, vulnerability scanning, and security device management. Both solutions have a role to play; MDR enhances MSS services with focus on detecting and responding to breaches by bringing in complementary technologies and services on security analytics, response orchestration, and threat intelligence.Gartner estimates that the number of organizations using MDR services will grow 15 times in the next 3 years.
A specialized security provider—who offers AI-Driven MDR for Cloud Security—can offer a cost-effective service that includes comprehensive monitoring and analytics of the entire Cloud environment. They can provide protection against both insider and outsider threats, and compliance-minded accelerated detection, response, and remediation against threats emerging anywhere on the Cloud fabric—no matter how complex it may be.