Authored by: Trisha Paine, Head of Cloud Marketing Programs, Check Point Software Technologies
Migration to the cloud has accelerated recently, especially in light of the COVID-19 outbreak. This global shift towards a nearly 100% remote workforce almost overnight has led to a spike in demand for online services, digital access, and highly available applications accessible from any location. This has driven cloud usage in every domain, leading companies to push forward with their digital adoption, achieving more in two months than they had planned to accomplish in the next five years.
More specifically, a 2020 study found that a staggering 87% of companies plan to expedite their cloud migration in the post-pandemic world, and 68% of companies are using two or more cloud providers as part of their migration effort. This leap forward, however, has come at a price.
Check Point’s 2020 Cloud Security Report revealed that this accelerated move to the cloud and the security gaps this has created has led to an increase in attacks and growing concern among companies, which despite their best efforts have failed to thwart these.
Cloud Security a Major Concern
There are many good reasons to migrate to the cloud. The cloud reduces dependency on on-premises data centres, is highly scalable, and ensures data and applications are highly available from anywhere. Despite these benefits, however, it also brings about a whole new set of security challenges for companies.
Many perceive the move to the cloud as risky in terms of security. According to the 2020 Cloud Security Report, 52% of organisations believe the risk of security breaches is higher in cloud environments than on-premises, and 75% of companies are very or even extremely worried about cloud security.
These concerns have taken a heavy financial toll on companies. The report found that organisations typically spend 27% of their budget on security, and nearly 60% of organisations expect their budget to increase even more in 2021.
This is with good reason. In the first half of 2020, over 3.2 billion records were exposed in ten of the biggest data breaches. These breaches can of course be detrimental to a business, as seen with the massive data leaks as a result of the 2019 Capital One breach.
Let’s take a look at some of the biggest security threats that companies must combat when turning to the cloud.
What Are the Biggest Cloud Security Threats?
According to the 2020 Cloud Security Report, the highest ranking threat was misconfiguration, with 68% of companies citing this as their greatest concern (up from 62% from the previous year). Misconfiguration takes place when a cloud-related system, tool, or asset is not configured properly, thus endangering the system and exposing it to a potential attack or data leak. This threat was followed by unauthorised access (58%), insecure interfaces (52%), and account hijacking (50%).
The report also looked at the top cloud security concerns. Among these were data loss or leakage (69%) — up 5% from last year — and data privacy and confidentiality (66%) — up 4%. These were followed by concerns about accidental exposure of credentials and incident response (tied at 44%); legal and regulatory compliance (42%); and data sovereignty, residency, and control (37%). Another major source of concern for executives and security experts was that of compliance, with 90% of those surveyed considering continuous compliance during migration from on-premises to the cloud extremely important.
Among the many reasons for these concerns is the fact that the traditional security tools available aren’t designed to cope with the security complexities of the cloud.
Why Traditional Security Tools Just Don’t Cut It
Although cloud services provide built-in and often advanced security measures, enterprises are still subject to a shared responsibility model. At the end of the day, this means the customers are responsible for securing their own data and workloads in the cloud.
Traditional security tools that may have worked well for companies on-premises aren’t designed to handle the changing, distributed, and virtual environments of the cloud. The 2020 report revealed that executives were well aware of this limitation, with over 80% of respondents claiming these tools either don’t work at all in the cloud or offer limited functionality.
So what is it that companies need in order to migrate safely to the cloud? According to the 2020 Cloud Security Report, the key considerations when choosing a cloud security provider are cost-effectiveness (63% of respondents), ease of deployment (53%), automation (52%), and whether the solution is cloud native (52%). In addition, since nearly 80% of companies have adopted a multi-cloud architecture, most companies are in need of a unified cloud security platform capable of delivering all the aforementioned metrics across their complex infrastructure.
The survey revealed that in order to meet these cloud security requirements, one option for companies is to train and certify their existing staff. According to the findings, however, over half of respondents considered staff expertise and training the biggest barrier to expedient cloud adoption. The alternative, as revealed in the report, is the use of cloud-native security tools.
This magnifies the need for highly automated tooling that can be used easily and intuitively by IT security teams for efficient handling of the growing demands on their cloud environment.
Take Your Cloud Security to the Next Level
In light of the increased focus of companies across the globe and across industries on accelerating their cloud adoption, the need to address the many serious security threats that come with migration has become more urgent than ever.
Traditional security tools are no longer adequate for handling the growing number of breaches and the dynamic, virtual, and decentralised nature of the cloud. Overcoming these challenges requires a unified, highly automated, and cost-effective cloud security solution capable of detecting and handling threats across multi-cloud environments.