New standard requires new security in the cloud

IT managers are now questioning the security efficiency that was built before remote work increased the use of cloud computing. Do their defences withstand widespread use?

A new study on cloud security from Netwrix indicates that 54% of companies that use the cloud for data storage reported security incidents in 2020. I guess these are all minor incidents, given that few of them have reached the news cycle, because major problems are likely to occur.

I guess most companies only disclose about 10% of the cloud security issues they face. This may be comparable to the “alternative truths” that many people tell their doctors about the number of drinks, sweets, carbohydrates, fats, medications or cigarettes they consume. It is not as if we want to brag about our shortcomings. Often, it is only when our bad habits endanger a part of our body or our life that we make ourselves completely innocent to our doctor. It’s not a scientific comparison, but I think the frequency of security problems in the corporate cloud is quite similar. We only admit problems when necessary.

It may be for this reason that the Netwrix study also showed an alarming response that two-thirds of companies plan to delete sensitive data from the public cloud providers they use. At a time when cloud computing may have reached its peak, we should all sit back and take note of the fact that many organizations extract sensitive data, especially when that number was less than half of the previous year. This disturbing trend indicates a shift in business orientation, far from business continuity systems designed for the traditional use of public clouds, systems that have in fact helped smooth the sudden transition from on-site to home work.

What’s going on?

I think many companies have finally had time to take stock of the past year and have begun to worry about the unexpected cloud security challenges they have faced or continue to face. Today’s widely distributed and Zoom-based workforce often exploits the cloud in a way we couldn’t have imagined a year ago. The increase in security incidents is probably a by-product of these more ingenious and unforeseen uses that have almost certainly tested enterprise cloud security models in a way that models were never designed to respond to.

Cloud security budgets did not increase when the pandemic hit and workers dispersed. This has led to an unforeseen reliance on public clouds, such as AWS and Microsoft. Cloud computing attack vectors have tripled for most businesses, such as potential attacks on home networks where a VPN is useless as a defense. That’s the new normal.

Poorly configured security for cloud resources has become commonplace in 2020, and the shared responsibility model is still not well understood. The most difficult problem is the lack of qualified cloud management and security skills, and an IT staff that rarely has a fundamental understanding of what’s in their cloud in the first place. Outside of IT, there is a distributed workforce that could become the rule now rather than the exception. To face these new realities, we need to rethink cloud computing security from scratch.

First, ask security officials to supervise remote workers using distributed identity identification and management information, and monitor home networks and domestic customers. Also provide adequate funding so that cloud security managers can get the security technology they need and the talent they need to succeed.

Second, cloud providers also need to mobilize. They must reject the old assumptions about how their clouds will be used and the specially designed security approaches that result. We need more innovative security to meet the new needs of businesses.

2020 was a year of exclamation points. Many companies have taken a leap forward for years, if not decades, in their future cloud computing projects. Some may never have taken the plunge without the pandemic. We handled the spinoffs as best we could, and most of us were pleasantly surprised at how much the cloud went when we needed it. Cloud-designed business continuity systems have enabled many businesses to survive the crisis.

That’s why it would be a mistake for the majority of companies to contract their data footprint in the cloud or to go back to an internal or on-site IT paradigm. Now that we all have a better idea of what the new normal looks like, it’s time to go back and put dots on the i’s and cross the t. Make IT full again and protect new cloud systems from security vulnerabilities and vulnerabilities. These are pretty important things. Let’s get to work.

Leave a Reply