The cloud brings significant benefits but also a new set of risks
Most organizations today operate in the cloud. By taking advantage of the scalability and ease of operation of cloud services, you can enhance productivity and collaboration while reducing operational costs. And when you’re using someone else’s infrastructure, you don’t have to worry about upkeep, which means you can more easily expand capacity
and recover from a disaster incident.
While the cloud simplifies operations in many ways, it comes with its own set of risks that can impact your bottom line.
In 2021, the average cost of a public cloud breach was $4.8 million, and the cost of a hybrid cloud breach was $3.61 million.1 As your organization continues to operate in the cloud, you need to be aware of these risks and take appropriate steps to mitigate them.
How to protect data in cloud-centric environment
At the end of the day, your IT and security team’s job is to ensure that your organization’s sensitive data is secure. To do so as you embrace the cloud, there are three buckets of actions that you should be able to take:
Cloud configurations are tremendously flexible and can be tailored to your exact requirements. You can operate completely in a public cloud, like Amazon Web Services, Microsoft Azure, or Google Cloud, or build a multi-cloud configuration that includes two or more of these providers. You may want to also maintain some operations on premises with a hybrid cloud configuration.
With customization comes complexity. And if you are not equipped to manage it, this can lead to misconfiguration. Along with stolen or compromised credentials, cloud misconfigurations were the leading causes of breaches in 2020, resulting in an average breach cost of $4.41 million.2
Unlike classic hacking scenarios, where the target is chosen before the attack vector, cloud breaches occur because the attacker found the quickest way to the largest payout. This is often done by setting up automation to quickly discover vulnerabilities.
Often, the path of least resistance is a misconfigured cloud resource, which has become commonplace due to the disjointed nature of cloud service deployment. With multiple cloud systems, you have to manage a patchwork of operations and security controls that likely have different rights, capabilities, and requirements. In an attempt to secure this disjointed infrastructure, organizations will often deploy specialized tools as new use cases arise. But with multiple
agents, consoles, and processes, these disparate products often add more burden to already stretched teams and leave
operational and visibility gaps that can be exploited.