Cloud security has become a major focus for organizations worldwide as they battle with a growing number of data breaches and application sprawl that makes defense more complicated.
These were among the results of a global Thales survey of 3,000 IT security professionals, which found a third of respondents named cloud security the top priority, as less than 10% of enterprises have encrypted 80% or more of their cloud data.
Nearly two-thirds of respondents (65%) identified cloud security as a current concern, and nearly half of respondents said it is more difficult to manage compliance and privacy with cloud complexity.
Cloud security is deeply intertwined with DevOps, where the main challenge is managing secrets (cited by 56%). However, progress is being made with 53% of organizations having formal security champion programs, according to the study.
Rom Carmel, CEO at Apono, explained cloud security involves a dual strategy: Minimizing the attack surface and limiting the blast radius.
“Reducing the attack surface focuses on preventing breaches by securing entry points, while limiting the blast radius aims to contain potential breaches, preventing lateral movement and reducing exposure throughout the cloud environment,” he said.
Carmel noted that cloud adoption has created a situation in which engineering and operations teams are the ones creating and maintaining infrastructure, and in doing so they directly and constantly affect the cloud posture.
“Therefore, IT security teams must work closely with these teams on the engineering side to build processes to enforce security guardrails constantly as part of managing a dynamic environment,” he said.
He added that as more of the enterprise’s assets move to the cloud, attacks are increasingly focused on leveraging misused identities and the existing access those identities have.
“It is challenging more than ever before for security teams to keep a tight grip on who should have what access levels as the business requires to deliver fast,” Carmel said. “I believe we will be seeing a continued dominant trend in cloud IAM security on the rise very soon.”
Omri Weinberg, co-founder and CRO at DoControl, said he agreed the shift to cloud environments has dramatically expanded the attack surface for many organizations.
To effectively prevent cloud breaches, he said, companies need to focus on three key areas: Visibility, access control and continuous monitoring.
“Firstly, organizations need complete visibility into their cloud and SaaS environments,” he explained.
He noted many breaches occur because organizations don’t know what systems they have in place or what data they have where, and don’t understand how those systems are configured.
“Secondly, organizations should implement strong access controls and follow the principle of least privilege, or zero-trust,” Weinberg said. “This helps minimize the damage if credentials are compromised.”
He added that continuous monitoring is essential: Cloud environments are dynamic, so security must also be dynamic.
“Look for solutions that can automatically detect and respond to threats in real-time,” Weinberg advised.
IAM, MFA and Least Privilege Access Controls
Paul Scott, solutions engineer at Cado Security, said organizations must implement strong identity and access management (IAM) practices, including using multi-factor authentication (MFA) for all user accounts.
“Security teams should also focus on enforcing least privilege access controls, granting only the permissions needed, and regularly reviewing and revoking access for inactive users,” he said.
There should also be a focus on following best practices for configuring cloud resources, ensuring unused services are disabled, using strong passwords for resources, and keeping software up to date to patch vulnerabilities.
He pointed out that using the cloud offers opportunities for automation, meaning deployment and configuration can be managed using declarative and/or scripted tools.
“When using infrastructure and configuration as code, changes can be journaled and the actual state of the environment can be compared to the ‘gold standard’ defined in the codified desired state,” Scott said.
This approach makes it much less likely for human error to creep into configuration, particularly when compared to making manual changes using the cloud portal.
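The comparison Scott describes, between the codified desired state and the actual environment, as an added example (not code from the article, Thales or Cado Security). Resource names, setting keys and both state snapshots are constructed; a real check would load the desired state from the infrastructure-as-code repository and the actual state from the cloud provider's API.

```python
import json
from datetime import datetime, timezone

# Hypothetical setting names whose drift weakens security posture.
SECURITY_KEYS = {"encryption_at_rest", "mfa_required", "public_access", "enabled"}

# Constructed "gold standard" as it would be declared in code.
DESIRED = {
    "storage/customer-data": {"encryption_at_rest": True, "public_access": False},
    "iam/policy": {"mfa_required": True, "max_session_hours": 8},
    "service/legacy-ftp": {"enabled": False},
}
# Constructed snapshot of the live environment after manual portal changes.
ACTUAL = {
    "storage/customer-data": {"encryption_at_rest": True, "public_access": True},
    "iam/policy": {"mfa_required": True, "max_session_hours": 12},
    "service/legacy-ftp": {"enabled": False},
    "storage/scratch": {"encryption_at_rest": False},  # created outside of code
}

def diff_state(desired, actual, path=""):
    """Yield (path, desired_value, actual_value) for every difference."""
    for key in sorted(set(desired) | set(actual)):
        here = f"{path}.{key}" if path else key
        want, have = desired.get(key), actual.get(key)
        if isinstance(want, dict) and isinstance(have, dict):
            yield from diff_state(want, have, here)
        elif want != have:
            yield here, want, have

def drift_journal(desired, actual, now=None):
    """Return journal entries for all drift, security-relevant entries first."""
    ts = (now or datetime.now(timezone.utc)).isoformat()
    entries = []
    for path, want, have in diff_state(desired, actual):
        # "unmanaged": exists in the cloud but not in code; "missing": the reverse.
        kind = "unmanaged" if want is None else "missing" if have is None else "changed"
        leaf = path.rsplit(".", 1)[-1]
        entries.append({"time": ts, "path": path, "kind": kind,
                        "desired": want, "actual": have,
                        "security": kind == "unmanaged" or leaf in SECURITY_KEYS})
    return sorted(entries, key=lambda e: (not e["security"], e["path"]))

if __name__ == "__main__":
    for entry in drift_journal(DESIRED, ACTUAL):
        print(json.dumps(entry))
```

Resources that exist in the environment but not in code are treated as security-relevant here, since nothing in the desired state vouches for their configuration.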
The report also found nearly a third of incidents are due to human error and misconfiguration, which Scott said could be reduced through training on cloud-specific tools provided by the chosen cloud provider.
Additional policies for a comprehensive cybersecurity approach to cloud environments include implementing least privilege access control, enforcing strong password policies with MFA and developing secure resource configuration policies.
“Security teams should also consider implementing formal change management processes and establishing policies for ongoing monitoring and logging of cloud activity,” Scott said.