There is a huge rise in the use of cloud security services as well as cloud-related security incidents and breaches. Cloud services are not going away and for good reason. They offer many benefits including improved data scalability. Even the U.S. Transportation Command (TRANSCOM) uses commercial cloud services.
However, there are several considerations that must be made when securing data in the cloud. A report by Cybersecurity Insiders revealed that between midyear 2017 and midyear 2018, 18% of organizations polled experienced at least one cloud security incident.
Most of the participants stated that misconfiguration of cloud platforms is a key threat to cloud security followed by unauthorized access to the cloud and insecure interfaces/application programming interfaces (APIs). This data comes as no surprise because there will always be the human element to consider when it comes to security.
It is important to know where your responsibility lies when working with a cloud service provider (CSP). There are several key factors that influence the level of security that should be considered. Ensure you have open, ongoing and detailed conversations with your CSP to clarity specifically which party is responsible for each task involving security. Maintain control of who has access to the data and confirm that the data is encrypted. Not encrypting your data leaves your sensitive information in plain view for anyone to see. As a similar comparison, you wouldn't risk leaving your home open and unlocked. Securing your credentials by creating unique keys for each external service is another important step that should not be overlooked. Also, always practice defense-in-depth including multi-factor authentication as well as increased visibility by using security logging and monitoring. Carefully considering and executing each of these steps can help deflect the human error element of breaches.
Engaging with security professionals can help ensure you have taken the proper measures. Consider hiring a security professional to perform a Security Controls Audit. Having a 3rd party review governance, data management, environment configuration and cyber threats is very beneficial.
TO LEARN MORE SPEAK TO A CYBERSECURITY EXPERT TODAY ›
As threats to the cloud are always evolving, we must stay proactive in our efforts to improve security. Although this list is not exhaustive, here are some considerations to make when using the cloud.
There have been numerous stories of cloud security breaches recently. Have you heard about the story of the World Wrestling Entertainment (WWE) breach? Over 3 million users' private information including addresses, educational backgrounds and earnings were exposed. All the data was stored in plain text and was not username/password protected in the Amazon cloud server.
Another story you may recall was the leak of personally identifiable data of nearly 200 million U.S. voters using cloud storage. This was a result of improperly configured security settings.
Health-insurance provider, Anthem also experienced a cloud related breach. This breach exposed the private information of over 80 million people. There are countless stories about breaches involving cloud security. Understanding the nature of how and why these breaches occurred provides valuable security insight.
CSP's offer several benefits for organizations but must be paired with exceptional security practices. Organizations must remember to prioritize security when using these services. Organizations that utilize cloud service providers need to be fully aware of the security risks and the steps required to mitigate them. In each instance of exposed data, there is a shared responsibility. You want to ensure if your company is ever named in the wake of a data breach, you have done everything you possibly can to protect people's private information. This is where Security Controls Audit is a helpful tool to provide you with a more in-depth look at your security posture.