Cloud Covered? If Not, Take Cover!
Over the past 18 months, there has been a dramatic escalation of businesses moving applications and data to the cloud. Indeed, the number of cloud-based applications used by the average organization increase by 20% in 2020, and cloud activity now represents over 50% of secure web gateway traffic.
In part, this was precipitated by the pandemic and the speed with which companies had to adapt to remote working. Even though COVID-19 may have been the catalyst for more rapid adoption of cloud-based infrastructure, services and storage, it marked a tipping point in terms of digital transformation.
Cloud offers tremendous benefits in terms of cost reduction, ease of access, efficiency and scalability. As such, cloud transition has become top priority with many corporations; C-Suite executives understand that the cloud enables companies to become more nimble, able to innovate more quickly and effectively.
The cloud permits organisations to bring people and partners together on a single platform, all with access to current data, processes and technologies. In turn, this permits better analysis of data, yielding better insights, leading to more creative and effective design of products and services, employee engagement and customer experiences.
Having everything in the cloud has huge benefits, but also comes with equally substantial security risks – and migration to the cloud can expose vulnerabilities that exist in current infrastructures. The cloud requires a different security approach than on premises systems, because it’s impossible to achieve the continuous compliance that’s needed for cloud-based workloads using traditional tools and processes.
A quote from Gartner says it all: “It isn’t so much about whether the cloud is secure…It’s mostly about how securely you are using it.”
What are some of the risks?
- The average cost of cloud-related breaches was $4.41 Million in 2020 – and that’s not factoring in the loss of reputation and customer confidence.
- 61% of malware in 2020 was delivered using cloud applications.
- Cloud applications now represent 36% of all phishing campaigns.
- Employees don’t think twice about accessing personal apps (banking and online shopping being two common ones) using corporate devices and the average person will upload about 20 files/month to personal apps, usually social media platforms. Each instance provides an attack opportunity.
The resulting network and data breaches usually stem from misconfiguration of the cloud infrastructure. According to a Zscaler report, 86% of records compromised in 2019 were the result of misconfiguration. Other studies show similar numbers for 2020.
According to the Gartner Innovation Insight for Cloud Security Posture Management report, “Nearly all successful attacks on cloud services are the result of customer misconfiguration, mismanagement, and mistakes. Security and risk management leaders should invest in cloud security posture management processes and tools to proactively and reactively identify and remediate these risks.”
Cloud Service Providers (CSPs) will ensure that the underlying infrastructure (including networking, computing, storage and databases) is secure, and usually offer multiple compliance certifications. It is each organization’s responsibility, however, to ensure that applications are built correctly, that configurations have been properly and securely set and that your proprietary and client data is well protected. This applies to all cloud services.
To learn more, we invite you to read a white paper from one of our partners, Zscaler: “How to secure Public Cloud Environments”
We are one of a select group of companies chosen to represent Zscaler in Canada; we are also a Cisco partner. Zscaler and Cisco Cloudlock are both great options for moving safely to the cloud and for protecting applications and data automatically and continuously. To learn what will work best for you, please contact us at [email protected] or (416) 429-0796 or 1.877.238.9944 (Toll Free).
