According to Gartner analyst Neil MacDonald, ‘Through 2020, 80% of cloud breaches will be due to customer misconfiguration, mismanaged credentials or insider theft, not cloud provider vulnerabilities.’
Basically what he’s saying is that if your data gets stolen, there’s an eight in ten chance that someone screwed up.
According to Josh Stella, CTO and co-founder of cloud security and compliance company Fugue, writing in Forbes, ‘The results can be dire for any organisation: steep regulatory fines, a loss of customer data and damage to your brand.’
The Easy Way Or The Hard Way?
Sadly, many businesses and organisations (of all sizes and complexities) are learning the hard way that migrating their on-premise security framework into the cloud isn’t as straightforward as they may have originally thought, or hoped.
Back in December, a misconfigured database at UW Medicine (University of Washington) exposed the names, medical record numbers and ‘a description and purpose of the information shared for regulatory reporting purposes’ of 974,000 people.
The misconfiguration was the result of a coding error when data was being migrated onto a new server and was only discovered when a patient Googled their own name and found their file.
A successful migration into the cloud rests on five pillars that form a cycle, each one dependent on the one before. If your business or organisation can follow this methodology, it will support your overall cloud strategy. If not, it won’t…
Pillar 1 – Identity Access Management (IAM)
Put as simply as possible by Tim Jefferson, VP at Barracuda Networks, ‘To develop an actionable IAM pillar, companies must enable single sign-on and multi-factor verification, use roles-based access controls, and reduce the exposure of privileged accounts.’
Customers traditionally look at IAM from the standpoint of users, roles and permissions, but within a cloud infrastructure, IAM allows IT admins to verify who in a business or organisation can take action and who has visibility and control.
In the same way, cloud-enabled companies can be subject to the same IAM as their users, and the access and management of those same services need to be understood.
Pillar 2 – Detection Controls
Tim Jefferson says, ‘This pillar relies on determining who is allowed access and to what — and then detecting anomalies. These intrusion detection systems (IDS) are automated, and they are designed to monitor and analyse network traffic, and to generate an alert in response to activity that either matches known malicious patterns or is anomalous.’
Because they monitor the network’s traffic flow, IDS offer real-time alerts on active compromises and can also identify devices in imminent danger of compromise.
Pillar 3 – Network Security
Tim Jefferson again. ‘Many organizations make the mistake of beginning their cloud security framework discussions around network security (NetSec), but the cloud is different. The shared responsibility model under which cloud ecosystems operate inherently guarantees security of the network — but can’t guarantee the security of the companies that are accessing it.’
This is why an actionable network security pillar needs to consider endpoint security. Companies of all sizes should fully comprehend the policies and benchmarks that are relevant to their business and deploy solutions that can translate those policies and benchmarks into actionable solutions.
Pillar 4 – Data Protection
Protecting your data when it’s just sitting there is hard enough, but it becomes even harder when your data is in transit and more vulnerable to malicious activity.
The most popular method of protecting your data is encryption, but it’s not a complete solution. Network security controls add a layer of protection, and your data policies will – should – have specific rules as to what happens to your data when it’s accessed or moved from one location to another. But there are other things that need to be taken into consideration.
Emails sitting idly in trash folders are laced with latent threats so they need to be permanently erased, and archiving and ongoing threat scanning procedures should also be introduced. Ultimately, says Jefferson, it’s about having ‘complete visibility of their data and information, as well as controlled versioning of that data, and end-to-end data protection and encryption.’
Pillar 5 – Incident Response
We’ve read about it dozens of times before: incidents are rarely identified until long after they’ve happened, and by then the data is on the dark web and available to the highest bidder. As we said at the start, 80% of cloud breaches will be due to customer misconfiguration, mismanaged credentials or insider theft, but incident response can take many forms and in many cases can help to shape future best practice.
Incident response runs from identification and rectification, through prevention, to policy changes that avoid similar – or worse – incidents in the future. If you can leverage actionable cloud frameworks as your base to enforce security and best practices, you can use your incident response procedures to identify where best practices aren’t being followed and why.
Every business should have a clearly defined framework for cloud and network security. If you do, you will be able to focus on the exact reasons you want to implement these systems, policies and procedures in the first place – digital and operational transformation.