Data Breaches Rise as Organizations Shift to the Cloud

As more and more organizations make the move into public clouds, a corresponding rise in cloud data breaches has followed, according to an IDC survey of 200 security decision-makers in the U.S.

The survey found nearly all (98%) of the companies surveyed had experienced at least one cloud data breach in the past 18 months, compared to 79% last year.

Meanwhile, 67% reported three or more such breaches, and 63% said they had sensitive data exposed. Nearly 6 in 10 respondents said they consider lack of visibility and inadequate identity and access management (IAM) security a major threat to their cloud infrastructure.

Access risk and cloud infrastructure security rank among the top five security priorities for companies in the next 18 months, with 83% of enterprises reporting at least one of their cloud breaches was related to access.

The survey also revealed few organizations have a dedicated cloud security team. While IT/operations make most decisions, the overall process is very fragmented, with many job roles identified as primary decision-makers for securing access in cloud infrastructure.

Brendan O’Connor, CEO and co-founder at AppOmni, pointed out that in today’s cloud and SaaS platforms, the corporate network is no longer the only way to access data.

Data is now frequently accessed through third-party apps, IoT devices and portals created for external users such as customers, partners, contractors and managed service providers (MSPs).

“Often, access through these channels completely bypasses the corporate network, instead relying on OAuth tokens or other types of verification,” he said. “We find that while companies are eager to use these access points to increase the functionality of their cloud and SaaS systems, they often neglect to secure and monitor them in the same way they’ve secured access from their corporate network, leading to major access vulnerabilities that may be completely unknown to the company.”

A More Diverse Cloud Landscape

O’Connor explained that when it comes to SaaS applications, the landscape is far more heterogeneous than the consolidated on-premises technologies organizations may have used in the past.

Unlike being able to focus on just a couple of key technologies, like Windows and Mac or Android and iPhone, most enterprises use dozens or even hundreds of different SaaS applications.

This means that going forward, security teams won’t be able to specialize in these technologies in the same way, and a new approach is needed to keep up with quickly changing cloud and SaaS environments.

“Security and IT teams can no longer rely exclusively on in-house expertise and expect to keep up,” he said. “They need to embrace automation and use tools that provide expertise on the evolving security nuances of each application.”

For Vishal Jain, co-founder and CTO at Valtix, cloud migration means bigger challenges regarding visibility and control, especially for multi-cloud environments.

“Organizations need cloud-first platforms for security that address the nuances of the multi-cloud world,” he said. “That means that investments should be made in tools that will enable centralized security visibility and policy in one console across many clouds.”

For network security, Jain said organizations should invest in a new breed of cloud network security platforms (CNSP) that can provide multi-cloud visibility and control that ensures critical gaps are not left open.

He also pointed out that cloud is different than anything that has come before, and requires new knowledge and a new skill set.

“Finding people that have made the leap to the cloud already or were born in the cloud will be challenging, considering that a large percentage of organizations have now shifted to a cloud-first mentality,” he said. “Organizations will have the difficult task of figuring out how to retool their existing staff, while also keeping the lights on for their on-premises capabilities.”

Least-Privilege and Zero-Trust

A least-privileged access strategy is critical to a zero-trust security model, which is designed to lower risk while increasing accessibility of services and providing a better user experience. By clearly identifying user roles and responsibilities for cloud services and assigning the appropriate access, organizations can keep inadvertent bad practices from leading to a security breach, according to John Morgan, CEO at Confluera.

Morgan added that employing least-privilege access also enables more accurate detection of malicious activities, with behavior- and machine learning-based tools designed to decipher the differences between routine behaviors and malicious ones.

“Have a strong preventive and zero-trust approach; however, have an equally strong detection and response-based assumption that you have already been attacked and the attacker is picking your environment apart at all times,” he said. “Organizations should look to third-party security solutions that are specifically designed for the cloud and address some of its unique challenges, including coverage across containers, Kubernetes and multi-cloud environments.”

Morgan pointed out that any time you change the state of an environment such as the cloud—scaling up, adding services or allowing more access for mobile end user devices—that state change comes with the risk of opening up opportunities for attackers, and that the cloud is constantly changing.

Meanwhile, the security challenges of the distributed workforce and cloud adoption have greatly accelerated due to the COVID-19 pandemic and a general acceleration of cloud adoption, with many organizations being forced to formulate a plan to shift their workforce from in-office to remote work in a span of a few weeks.

“They also had to accelerate or implement new plans for cloud adoption to support the remote workforce who needs access from any and all networks,” he said. “Since the start of the pandemic, organizations have been in cybersecurity catch-up mode, and the recent barrage of high-profile breaches are some of the consequences.”

Nathan Eddy

Nathan Eddy is a Berlin-based filmmaker and freelance journalist specializing in enterprise IT and security issues, health care IT and architecture.
