How to protect your cloud deployments

Cloud capabilities have become essential to almost every type of organization. They provide data storage, enable real-time communication and collaboration, link disparate teams and systems and connect new devices to company networks. Importantly, cloud deployments can scale up quickly, which has helped many companies quickly establish new connections and working conditions with partners, customers, internal teams and remote employees. Cloud capabilities extend into personal services as well, such as email, social media and entertainment services.

According to one study, 79% of organizations recognize that security is one of their top cloud challenges.¹ One problem is that many companies simply have not assessed the risks associated with cloud deployments or have not determined what elements of security are their responsibility.

Since most organizations depend on cloud service providers (CSPs) to maintain these systems, it can be challenging to determine what elements of security are the responsibility of the CSP and which are not.

Understanding the limits of CSP security

CSPs usually offer built-in security features that exceed the technical capabilities and financial resources of most small and midsize businesses.  One study shows, that 39% of organizations are running more than half of their workloads in the cloud.² The cloud can be as secure as in-house systems, but only if managed with appropriate storage and access controls.

While CSPs often provide tools to help manage cloud configuration, there are still many elements of security infrastructure — such as firewalls, devices and account access — that remain the cloud user’s responsibility. In fact, CSPs are not the source of most security incidents. Lack of knowledge among cloud customers and misconfiguration of CSP accounts are responsible for most breaches, big and small.

Misconfiguration, like many cloud security challenges, often stems from staff inexperience. Many security and IT specialists simply don’t understand the intricacies of secure cloud configuration and often lack in-depth knowledge of their company’s CSP security settings and capabilities.

Another potential pitfall is inadequate or incomplete security processes. When configurations and permissions are not thought through, employees — and bad actors — can gain access to a world of sensitive information that can be unintentionally leaked or very cleverly stolen through social engineering schemes.

This type of insider incident can have serious and costly impacts. Research shows that organizations who experienced a data breach with a hybrid cloud model on average cost $3.80 million.³ It is important to know your third-party vendors and what privileges have been granted to reduce the risk of account take-overs by cyber criminals or disruptions to normal operations. In one study, 45% of data breaches of companies occurred in the cloud.⁴

For more specific guidance in addressing cloud security challenges, a CSP can be one of the best sources of advice. Service providers offer a range of advanced security and privacy capabilities, as well as guidelines and security defaults for rigorous configuration of cloud settings. But many organizations don’t follow these guidelines, and some may even inadvertently disable essential security settings.

A CSP may offer continuous monitoring solutions to help detect suspicious user activity and assess an organization’s threat status in real time. Monitoring is also essential to tracking and prioritizing investigations of malicious incidents.

However, CSPs don’t provide much help in minimizing third-party risks. Business and security leaders will need to carefully assess a partner’s security capabilities to make sure they meet or exceed their own. This assessment can also help determine the right amount of access to grant third-party users.