Cloud technology isn’t new, but it’s still unfamiliar ground for many organizations. As if migrating to the cloud wasn’t already a massive undertaking, the added responsibility of integrating a comprehensive security strategy can turn a challenging process into an overwhelming one.
The need for cloud security cannot be overstated—approximately one quarter of our Mandiant incident response engagements involve assets housed on a public cloud, and almost every IR we perform involves public cloud in some way. Complicating matters, according to Gartner, “Through 2022 at least 95% of cloud security failures will be the customer’s fault”. All of this creates a fear, uncertainty and doubt situation, leading organizations to slow their use of public cloud services—or avoid them altogether—in a bid to eliminate risk. This shouldn’t be the case at all.
Organizations should feel confident that with the right security strategy, they can seize cloud efficiencies and streamline their business. Per our view, the following recommendations should be followed, as outlined in greater detail in the Gartner report, Clouds Are Secure, Are You Using Them Securely?*
- “Develop an enterprise cloud strategy, including guidance on what data can be placed into which clouds and under what circumstances.
- Implement and enforce policies on cloud ownership, responsibility and risk acceptance by outlining expectations for form, significance and control of public cloud use.
- Follow a life cycle approach to cloud governance that emphasizes the operational control of your virtual enterprise of SaaS-, PaaS- and IaaS-based services.
- Develop organizational expertise in the implementation and control of each of the cloud models you will be using.
- Implement central management and monitoring planes to overcome the inherent complexity of multicloud use.”
The cloud has many advantages, and it will continue to be targeted by attackers so long as organizations continue to use it. However, the right strategies surrounding cloud use can help mitigate the risk posed by threats targeting the cloud.
Read the report, Clouds Are Secure, Are You Using Them Securely?*, to learn more.
*Gartner, Clouds Are Secure: Are You Using Them Securely?, Jay Heiser, 7 October 2019