Authored by Nilesh Jain, Vice President, SEA & India, Trend Micro
We are well into 2021 and cyber threats continue to be a thorn for businesses as loopholes in defences transform into more insidious variants. Organisations face a constant barrage of threats that can affect their bottom lines – the estimated losses that financial institutions can potentially incur yearly is anywhere between US$100 – 300 billion. And, as businesses turn to the cloud to improve their infrastructure and processes, cybercriminals are quick to follow suit by crafting threats that aim to compromise cloud platforms and application security.
You are one misconfiguration away from a security breach
The cloud is an environment that promises the potential to improve almost any business, but in it lies security challenges of its own – misconfigurations. Misconfiguration is one of the most common ways a cyber felon can gain a foothold in your cloud environment. All a perpetrator needs are a set of compromised or weak credentials to pose as a legitimate user and take advantage of systems. Other times, they exploit a vulnerability in software that's deployed in your environment.
Alarmingly, it doesn’t take much technical knowledge to extract data or compromise an organisation’s cloud assets. The worst cases of exposed data can often be attributed to simple human error rather than a concerted attack.
Configuration is a responsibility of the organisation
Given that cloud services are offered by service providers that handle the hardware and back-end portions of the cloud, it’s easy to assume that they are also responsible for every aspect of security.
The truth is that cloud security is a shared responsibility – while the service provider offers security for the underlying infrastructure, the organisation is responsible for securing the data. This means implementing access policies, ensuring proper encryption, and managing the overall configuration of the cloud service to fit the needs of the organisation.
Here are some best practices to secure the cloud:
Employ the principle of least privilege: Access to specific portions of the system should be given only to users who need it
Secure all endpoints in the network: The use of cloud infrastructure does not rule out the need for stronger endpoint security. Many attacks start at the endpoint level, and this is no different when it comes to cloud-based systems
Isolate the most critical infrastructure: The fewer people with access to important data, the more secure it is from potential attacks
Encrypt data passing through the cloud: Data – both in transit and at rest should be encrypted as a general security measure. Many cloud service providers already offer encryption of data as part of their security measures, but organisations that want to take their cloud security further can look into solutions that include data encryption
Protect your bottom line from the start
Cloud solutions are not something inherently good or bad for an organisation’s security. However, it requires organisations to understand the primary threats and challenges they face in a cloud environment, and perhaps more importantly, to change the way they think about cloud security – not as something that gets tacked on after the fact, but as an integral part of a well-designed cloud implementation.