Cloud computing has dominated our collective business consciousness over the last 10 years. Unfortunately, cloud computing security’s popularity pales in comparison. Whilst organisations and individuals have spent the last decade moving data from on-premise servers to the cloud or hybrid environments, they often take the security of that migration for granted.
Security professionals face challenges in keeping pace with cloud deployments and migrations, and the additional security threats they open up
Misconfiguration, unauthorised access and account hijacking are the most pressing of a number of threats to public cloud environments, which are now reaching a level where security operations are finding it more and more of a challenge to keep up, according to a report.
In Check Point’s ‘2020 Cloud security’ report, which was conducted by infosec community Cybersecurity Insiders during July based on a global, self-selecting sample of 653 cyber security and IT professionals spread across organisations of varying sizes, the supplier also found there was a perception that traditional security tools offered only limited protection in complex cloud environments.
Amongst other things, the report found that exactly three-quarters of respondents were either “very” or “extremely” concerned about public cloud security, and 68% reported using multiple public cloud providers, meaning they had to learn multiple proprietary native security tools and management tools in their day-to-day work.
“The report shows that organisations’ cloud migrations and deployments are racing ahead of their security teams’ abilities to defend them against attacks and breaches,” said TJ Gonen, Check Point Software’s cloud product line head. “Their existing security solutions only provide limited protections against cloud threats, and teams often lack the expertise needed to improve security and compliance processes.”
“To close these security gaps, enterprises need to get holistic visibility across all of their public cloud environments, and deploy unified, automated, cloud-native protections, compliance enforcement and event analysis. This way, they can keep pace with the needs of the business while ensuring continuous security and compliance.”
Security pros said the biggest threats their organisations were exposed to through their use of public cloud environments were misconfiguration (68%), unauthorised access (58%), insecure interfaces (52%) and account hijacking (50%).
In terms of security barriers to cloud adoption, survey respondents cited a lack of qualified staff, budget constraints, data privacy issues and a lack of integration with existing, on-premise security tools. In fact, an overwhelming majority of 82% said that traditional security solutions either did not work at all or were only capable of providing limited functionality in public cloud environments. This was a rise of over 15% compared to the 2019 edition of the report, most likely highlighting the increased amount of cloud adoption in the past 12 months.
Security pros also tended to perceive public cloud environments as inherently riskier than on-premise environments, albeit by a slim majority of 52%, while 17% saw lower risk and 30% reckoned the two were about the same. Nevertheless, the majority seemed to be optimistic that their cloud security budgets would increase over the next 12 months, with 59% expecting this to be the case.
Check Point noted that, on average, organisations currently allocate about 27% of their total security budget to the cloud.
Advice for securing cloud storage in 2020
Many experts have emphasised cooperation between organisations and their cloud providers. They agreed that a lack of communication about services, security protocols, and expectations would increase the risk of security threats.
“Enterprises should adopt solutions from companies that give cloud visibility, recommend security policy, and orchestrate the policies to prevent attacks,” says Umesh Padval of Thomvest Ventures. “Secondly, they should accelerate data protection and encryption while data is being transmitted, stored and processed.” These added safeguards protect organisations where their cloud security providers leave off.
Ameesh Divatia, co-founder and CEO at Baffle, Inc, says that organizations have a long way to go before gaining full cloud computing maturity. He argues, “…companies will need to go beyond focusing on cloud security configuration and controls and come to grips with protecting the actual data as part of the ‘shared responsibility model.’”