Common Cybersecurity Problems for Businesses in the Cloud
Often, businesses simply set their cloud environments up incorrectly. For example, according to research by Palo Alto Networks, 60 percent of cloud storage services have logging disabled, meaning that threat actors can enter systems without anyone inside an organization ever knowing. This is the result of organizations failing to properly configure their cloud environments when they set them up, which leaves them vulnerable to easy attacks.
The vast majority of these misconfigurations seem to be going unnoticed: According to a McAfee survey of more than 1,000 IT professionals, 99 percent of misconfigurations are unreported. The survey also found that companies believe they average 37 misconfiguration issues per month when in reality this number can reach 3,500.
Another concern is that not all security solutions work in a hybrid environment; a business’s on-premises security solution is not guaranteed to work in the cloud. The four cloud as-a-service environments (infrastructure, platform, software and function) all have different security needs and responsibilities.
What the Top Priorities Should Be to Secure the Cloud
Under the cloud’s shared responsibility model, businesses are expected to implement appropriate access control guidelines to prevent unauthorized access. They should also complete a compliance plan for data loss prevention.
Fulfilling these expectations can be difficult for organizations and businesses with limited resources. Utilizing configuration best practices and security tools is vital.
What are these best practices? A good place to find out is the CIS Controls, a list of 20 high-priority, highly effective defensive actions that every enterprise seeking to improve its cyber defense should take. Available at no charge, the list provides a logical path to gradually improve an organization’s cybersecurity posture.
For example, the first two recommendations are to inventory and control all hardware and software assets on the network. That’s crucial because threat actors are particularly interested in devices that come on and off an organization’s network, especially mobile devices, whether personal or company-issued. Another recommendation is to continuously assess security systems and respond to vulnerabilities. Businesses that fail to do this are flying blind.
Taken together, the recommendations, developed by IT experts from a range of industries including retail, manufacturing, healthcare, education, government and others, form a foundation on which to build a defense-in-depth security posture.
Implementing foundational cybersecurity best practices can provide some peace of mind when moving to the cloud. More importantly, these practices ensure that organizations start and stay secure in any environment.