Crowd Research Partners today released the 2018 Cloud Security Report which includes the following takeaways:
- Cloud security issues – The top three security control challenges security operations centers (SOCs) are struggling with are visibility into infrastructure security (43%), compliance (38%), and setting consistent security policies across cloud and on-premises environments (35%).
- Effective cloud security solutions – Encryption of data at rest (64%) and data in motion (54%) top the list of the most effective cloud security technologies, followed by Security Information and Event Management (SIEM) platforms (52%).
- Biggest security threats – Misconfiguration of cloud platforms jumped to the number one spot in this year’s survey as the single biggest threat to cloud security (62%). This is followed by unauthorized access through misuse of employee credentials and improper access controls (55%), and insecure interfaces / APIs (50%).
According to Anthony James, Chief Marketing Officer at CipherCloud (San Jose, CA), a leader in data protection and cloud security:
Biggest Threats to Cloud Security
“Misconfiguration of cloud platforms, misuse of employee credentials, improper access controls and insecure interfaces (APIs) are known and visible issues. This is a problem if you use any major cloud provider such as Amazon, Google or Microsoft Azure. We saw this very recently with both the Walmart and the FedEx data exposure, which in both cases was based on misconfiguration. These problems can be solved by using comprehensive encryption, which is a basic tool for cloud security. If the exposed data was encrypted, it would be effectively useless to potential cyberthieves and cyberattackers. Despite the known fact that end-to-end encryption can solve these problems, many commercial enterprises and governments still fail to use it.”
Effective Cloud Solutions
“Data is every company’s biggest asset, and of course the primary target of cyber-attackers. As businesses embrace cloud services, it becomes extremely important to secure access to these cloud services. The core issue, like any security approach, is that when tools and procedures break down, the data becomes vulnerable. For this reason it is of paramount importance that this data is secured and protected independent of the additional security controls offered by cloud providers.
“Historically, encryption technology has proven to be absolutely the single most effective method that can be used to provide absolute data protection. With new emerging solutions, the ability to encrypt data before it is delivered to cloud services is not only available, but completely transparent to the users, making it a no-brainer. This is part of a strategy that ties in with a Zero Trust model that must be embraced when utilizing cloud services. In 2009 Forrester Research coined the word Zero Trust to describe a strategy whereby no access to the network is to be trusted until thoroughly verified. Trust none – verify all. Not only must data be secured at rest, but it should be secured in flight and until the last possible moment in use, which transparent encryption solutions can provide. No indirect access through the network should be able to access application data.”
Cloud Security Concerns – Compliance
“We agree that cloud security concerns are on the upswing with cybersecurity professionals. We speak both with cybersecurity professionals and the top levels of IT, cybersecurity and corporate management. For corporate management, compliance is also a top-of-mind issue for both cloud and on-premise based data. For example, the impact of the European Community’s GDPR on multinational corporations is absolutely massive. Many corporations are not in compliance at this time as the May 25th deadline looms large. Compliance challenges include custom applications developed by these multinationals for their own use, as well as vendor-provided, cloud-based applications which they use.
“Most cloud-based application software vendors are telling their clients to put an instance of their application in every country – this reduces the functionality available for top-level reporting and management. It also likely increases cost and administrative overhead. By reducing the span of accessible summary data within the application, you reduce the function and utility of the application. Further, this solution doesn’t work for compliance in many instances unless the encryption keys are held by the customer, which many of these vendors cannot accommodate.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.