6 ways to be more secure in the cloud

If you rely on multiple or hybrid cloud environments to support business processes, you need to be as vigilant protecting data and applications as when they resided on premises.

For years, many business and IT executives have been leery of the public cloud — and even avoided these services outright — because of concerns about security threats.

Those worries have largely abated as the cloud services market matured and the leading cloud providers built highly secure infrastructures. But that doesn’t mean the threats have gone away or that cloud customers should assume they’re no longer responsible for making sure their data is protected.

“The upswing in global cloud adoption has given rise to new cloud security threats, where hackers can study a company's weakness and gain unauthorized access to steal confidential information,” notes the Cloud Security Alliance (CSA), an organization that defines standards, certifications and best practices to help ensure a secure cloud computing environment.

“We need smarter and more agile controls to deal with such threats, and this is where the traditional security measures of cloud service providers [CSPs] fail,” CSA said.

The organization has identified the top threats to cloud computing, based on surveys and questionnaires of its members by the CSA Top Threats Working Group. These include data breaches; lack of cloud security architecture and strategy; insufficient identity, credential, access and key management; account hijacking; insider threats; insecure interfaces and application programming interfaces (APIs); and limited visibility of cloud usage.

Organizations that now rely on multiple or hybrid cloud environments to support their business processes need to be vigilant in ensuring that their data and applications are safe — just as they were when these resources resided on premises.

Research firm Gartner has made a number of predictions about cloud security that should cause concern among CISOs and other security executives.

One is that through 2025, 90 percent of the organizations that fail to control public cloud use will inappropriately share sensitive data. Another is that through 2024, a majority of organizations will continue to struggle with appropriately measuring cloud security risks. And a third is that through 2025, 99 percent of cloud security failures will be the customer’s fault, not the fault of the cloud provider.

Related:

Copyright © 2020 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)