The cloud holds enormous potential for business efficiency and innovation, but it can also create a 'wild west' of broader and more distributed environments for organizations to manage and secure.Here are some of the top cloud security risks that organizations should keep in mind going forward.
Exploiting Cloud AppsAccording to the recent case study by IBM X-Force IRIS, cloud-based applications are the most common path for cybercriminals for compromising cloud environments. They accounted for 45% of cloud-related cyber threats in IBM’s study.
RansomwareRansomware is one of the biggest cyber threats confronting the cloud industry. Ransomware was deployed three times more than any other type of malware in cloud environments, found IBM, followed by crypto miners and botnet malware.
Data LossCompanies are increasingly storing sensitive data in the cloud. Around 21% of files uploaded to cloud-based file-sharing services contained sensitive data including intellectual property, according to IBM. As such, cybercriminals can gain access to intellectual property or other personal files in the event of security breaches involving the cloud. Data loss is one of the cloud security risks that are hard to predict and even harder to handle. Data theft was the most common threat activity observed by IBM in breached cloud environments outside of malware deployment over the last year.
MalwareMalware makes its way into the cloud environment in various ways. The most popular method is via phishing emails and by taking advantage of poorly configured storage servers. As data is constantly traveling to and from the cloud, malware has a vastly increased number of opportunities to attack not only cloud infrastructure but also client infrastructure and devices. “Based on the trends in our incident response cases, it’s likely that malware cases targeting cloud will continue to expand and evolve as cloud adoption increases,” said Charles DeBeck, IBM X-Force IRIS. “Malware developers have already begun making malware that disables common cloud security products, and designing malware that takes advantage of the scale and agility offered by the cloud,” he added.
Legal/Compliance IssuesWith increasing government regulations pertaining to data protection such as GDPR and HIPAA, staying compliant is becoming more complex. Owing to the large-scale accessibility of data on the cloud environment, it can be difficult for businesses to keep track of who can access the information. Companies should always strive to remain compliant with laws and industry regulations to avoid facing hefty fines and reputational damage in the aftermath of a successful security incident.
In ConclusionAlthough cloud transition is posing new security challenges, organizations that are able to adopt a mature and streamlined governance model for the cloud can significantly enhance security agility and response capabilities. The organizations should focus on the following aspects to address security concerns in hybrid, multi-cloud environments:
- Promote collaborating governance and culture for cloud and security operations
- Develop a risk-based assessment for developing a roadmap for phasing cloud adoption
- Adopt strong access management tools and policies for access to cloud resources
- Ensure right security tools across all cloud and on-premise resources
- Implement effective security automation
About Author: Anand is a senior content writer at the Veritis Group working on market research, collaterals, whitepapers, technology news &, etc. Reading books, blogging, and social media are other work-related interests among various other skill sets. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.