Increasing Concerns On Cloud Services Are Under Attack

With the new hybrid-working model we see organizations increasingly moving more of their workload settings to the cloud. While this transformation offers great agility and scalability benefits, it comes with inherent and increased risks to security and compliance. A simple configuration error can result in your entire organization being exposed to threat actors who no longer need to break into your data center to access your critical data or conduct ransomware attacks.

As per Gartner by 2025, 99% of cloud security issues will be a result of human error when configuring assets and security in the cloud. At a time when organizations are becoming increasingly dependent on third-party cloud vendors such as AWS, Microsoft Azure, IBM and Google Cloud Platform to securely manage their data, concerns around misconfigurations and other vulnerabilities in the cloud are likely to amplify quickly.

What’s more important is , many of the organizations finding themselves at risk have had to accelerate their digital transformation initiatives at an uncomfortable pace over the past two years, resulting in knowledge and talent gaps that only add to their fears around cloud security.

Under the shared responsibility model - a security framework designed to ensure accountability for compromised data and other incidents - the cloud provider will offer basic cloud security, but it's up to businesses themselves to secure their own data within the cloud. To put it in another way, if cloud providers ensure the town gates are locked and the perimeter is well guarded, it’s still up to businesses to ensure their own doors are locked.

That’s no mean feat, particularly when you consider that many large enterprises now rely on three or four cloud platforms as part of a multi-cloud strategy. Attacks on cloud service providers are ramping up. As outlined in Check Point 2022 Security Report, the previous year has seen a tidal wave of attacks that exploit flaws in the services of industry-leading cloud providers. For the cybercriminals involved, the end goal is to gain full control over an organization’s cloud infrastructure or, worse, an organization’s entire IT estate, including its proprietary code and customer records.

Needless to say, this can have a devastating impact on the businesses affected and they’re quite right to be concerned. It’s likely that there will be many more cloud provider vulnerabilities in 2022 but fortunately there are things within an organization’s control that can mitigate the risk. Cloud security is complex, and with multi cloud environments it gets even more complex.

So, think about consolidating all your cloud security across all cloud vendors into one solution that monitors all malicious activities and reduces the workload by automating common tasks like policy updates. 

S Mohini Ratna, Editor, VARINDIA