No cloud implementation – in any business unit at any company – is perfect. That’s a given. IT administrators, directors, and CIOs have always been forced to make compromises between convenience, cost, and security. With that said, there’s a difference between a compromise, and imperfection, and an outright flaw. There are some places where enterprises simply should not make compromises on cloud configuration – but most make them anyway. Here are some of the most common mistakes.
Lack of Encryption in your Cloud Storage
A recent study of over 12,000 cloud providers shows that less than 10% of them bother to encrypt data at rest. This is concerning for a lot of reasons – primarily because it means that if an attacker steals the login credentials for a particular cloud system, it’s game over. The attacker has your data and can read it – there’s no additional line of defense.
The other problem with this is that the solution – find a third-party encryption provider – is not as straightforward as it sounds. Even seasoned administrators have an alarming propensity to rely on default settings for cloud applications. If the app is unencrypted by default, it’ll likely stay that way. Plus, there’s the strong possibility that the application is not being run by a skilled user, such as in the case of Shadow IT. A single enterprise might be running hundreds of cloud apps. Can you monitor them all for proper encryption practices?
Using Apps that Aren’t Ready for Primetime
Research shows that the average enterprise is running a staggering 1,181 cloud services – and not even 8% of them are ready for enterprise usage. In this case, “ready for enterprise” means an application that contains robust security controls, backup services to ensure business continuity, authentication controls, and compatibility with audit services.
Failing to Understand Secure Configurations
Let’s move on from simple cloud services to a full-featured cloud environment, such as AWS. Securing AWS is not simply a matter of virtualizing on-premise security tools and placing them in the cloud environment – there are types of data transfers in the cloud that simply don’t exist on-premise.
Instead, it’s important to learn how to filter actionable security data from cloud implementations and use their built-in security tools to automate certain kinds of incident response. Public cloud services contain many robust tools for this purpose, but many administrators don’t know that it’s their responsibility to use them. 64% of administrators believe that it is the cloud provider’s responsibility to secure data in the public cloud – in spite of clear shared responsibility guidelines.
Lack of Automation
Per our last point, the built-in security features of a cloud platform such as AWS often contain robust tools that administrators aren’t fully taking advantage of. For example, the cloud is held together by APIs. This delivers enormous potential in terms of automating security solutions. When spinning up a new instance, for example, the cloud controller could easily make a series of API calls to various security services that would automatically configure firewall rules, register with A/V tools, and more.
Unfortunately, almost 40% of organizations still haven’t set up the baseline capabilities to be able to achieve these automation goals. It might be because cloud security can be overwhelming, or it might be because security departments are still under-resourced. Whatever the cause, setting up security automation for the cloud is a clear priority – and it’s easier than you might think.
Configure a Securely Automated Cloud Environment with Safe-T
Safe-T is designed to make cloud security easy. With a host of user-friendly API connectors, it can bring many of your pre-existing security tools into line with a public cloud environment. This lets administrators configure a custom cloud solution that eliminates manual tasks, freeing up time for admins to keep their eye on the bigger picture.
In addition, our secure cloud storage access product functions as an overlay for the many insecure cloud storages that go unencrypted by default. Safe-T lets administrators secure their public cloud in whatever form it takes – either a full cloud environment or less enterprise-ready cloud storage applications. For more information and a free trial, contact Safe-T today!
*** This is a Security Bloggers Network syndicated blog from Safe-T Blog authored by Amir Mizhar. Read the original post at: https://blog.safe-t.com/are-you-securing-cloud-storage-wrong