As cloud usage continues to rise and more companies rely on it for a variety of services and goals, one thing remains constant: the debate about security. Companies have started realizing that the cloud, while generally more secure than most in-house servers, is not an ultimate security solution. It needs some extra love.
The latest survey by the Cloud Security Alliance (CSA) has revealed 11 leading cloud security concerns for 2019 so far. Yes, 11. That sounds like quite a lot. These concerns come from 241 industry experts who took part in the survey.
And while 11 concerns sound like a lot, most of them aren’t old issues. They are relatively new challenges, which the industry is working on solving. There is good news, too. Last year’s top concerns like Denial of Service and CSP data loss were all rated so low this year that they didn’t even make it into the latest report. So, the industry is definitely moving along and addressing the issues as quickly as it can. Let’s check out the leading cloud security concerns for 2019:
Data breaches
“Data is becoming the main target of cyberattacks. Defining the business value of data and the impact of its loss is essential, important for organizations that own or process data… Encryption techniques can help protect data, but negatively impacts system performance while making applications less user-friendly.” So, balance is key, along with coming up with better ways to decide who gets access to what data.
Misconfiguration and inadequate change control
“Cloud-based resources are highly complex and dynamic, making them challenging to configure. Traditional controls and change management approaches are not effective in the cloud… Companies should embrace automation and employ technologies that scan continuously for misconfigured resources and remediate problems in real time.”
Lack of cloud security architecture and strategy
“Ensure security architecture aligns with business goals and objectives. Develop and implement a security architecture framework.”
Insufficient identity, credential, access and key management
“Secure accounts, inclusive to two-factor authentication and limited use of root accounts. Practice the strictest identity and access controls for cloud users and identities.”
Account hijacking
“Defense-in-depth and IAM controls are key in mitigating account hijacking.” This is one of the threats singled out as very serious and a priority.
Insider threat
“Taking measures to minimize insider negligence can help mitigate the consequences of insider threats. Provide training to your security teams.”
Insecure interfaces and APIs
“Practice good API hygiene. Good practice includes diligent oversight of items such as inventory, testing, auditing, and abnormal activity protections… Consider using standard and open API frameworks (e.g., Open Cloud Computing Interface (OCCI) and Cloud Infrastructure Management Interface (CIMI)).”
Weak control plane
“The cloud customer should perform due diligence and determine if the cloud service they intend to use possesses an adequate control plane.”
Metastructure and applistructure failures
“Cloud service providers must offer visibility and expose mitigations to counteract the cloud’s inherent lack of transparency for tenants. All CSPs should conduct penetration testing and provide findings to customers.”
Limited cloud usage visibility
“Mitigating risks starts with the development of a complete cloud visibility effort from the top down. Mandate companywide training on accepted cloud usage policies and enforcement thereof. All non-approved cloud services must be reviewed and approved by the cloud security architect or third-party risk management.”
Abuse and nefarious use of cloud services
“Enterprises should monitor their employees in the cloud, as traditional mechanisms are unable to mitigate the risks posed by cloud service usage.”
As you can see, threats are becoming more abstract and complex. This requires even more effort to stay on top of them. Luckily, cybersecurity pros like challenges and now they have plenty of them to tackle.