By taking these simple steps, organizations can significantly increase the security of their assets in the cloud.
The biggest obstacle to the adoption of public cloud solutions by German companies is not just security concerns, but real security problems. According to the Cloud Monitor 2022 by management consultants KPMG, only 47 percent of companies surveyed with 20 or more employees will use public cloud offerings in 2022, while 67 percent will rely on private cloud computing. More than half of companies that are already using public cloud solutions say they have experienced security challenges when integrating the public cloud with their existing IT infrastructure: 56 percent have had difficulty implementing compliance requirements in the last 12 months, and 51 percent have had difficulty implementing security requirements.
Interestingly enough, according to the Cloud Monitor 2020, those interviewed reported more security incidents in their on-premises IT infrastructure than in public cloud resources. So the private cloud is not fundamentally less secure than on-premises infrastructure; it is even more secure.
However, the responsibility for securing cloud resources does not lie solely with the provider. Organizations using public cloud resources must also do their part to protect the resources under their control. The following six actions can help:
1. Ensure transparency
One serious security problem with cloud services stems from one of their biggest advantages: ease of deployment. This tempts individual teams or departments to quickly set up a cloud service without first contacting IT, which can lead to compliance and security breaches. To quickly identify these potential entry points for attackers, IT needs a cloud management solution that provides visibility into the cloud resources in use across all cloud providers. This enables IT to identify and resolve compliance and security issues.
2. Define and enforce compliance and security policies
Breaches of compliance and privacy regulations due to careless use of public cloud resources can result in painful penalties. As a result, companies need to establish clear policies that show all departments what is at stake. In addition, compliance must be continuously monitored so that violations can be immediately recognized and corrected.
3. Use multifactor authentication
Simply protecting cloud resources with a username and password is not enough, especially since some users are still far too careless and choose passwords that do not even meet basic security criteria. This is grossly negligent, as public cloud accounts are accessible via the open Internet and are not protected by security measures at the corporate network perimeter. Multifactor authentication (MFA) is a must for authenticating to cloud resources, and all major public cloud providers have long offered the option to secure accounts with MFA.
4. Manage access rights
As dangerous as it is when cybercriminals take over a basic user account, the real danger comes when attackers obtain credentials for a privileged account with advanced rights. They can then move around the cloud environment, reconfigure servers, and steal sensitive data. As a result, the number of privileged accounts must be minimized and user permissions must be constantly monitored.
5. Secure endpoints
Endpoints are also the classic gateway to cloud applications. Effective protection against malware infections is therefore essential not only for the security of the corporate infrastructure, but also for cloud resources. After all, users’ endpoints have been exposed to a barrage of malware and phishing attacks for years, and a powerful and constantly updated endpoint protection solution is required to defend against them.
6. Protect cloud servers
The provider is not solely responsible for the security of cloud resources. It is up to each individual company to protect its cloud resources with the same care as its own IT infrastructure. This requires integration and synchronization of all components and processes involved, as well as maximum transparency and visibility.